zc-bug-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses bug reports from a configured ZenTao endpoint (see SKILL.md "阶段 1: 读取禅道 Bug" and scripts/zentao.sh which curl "${ZENTAO_URL}/bug-view-.json"), and those bug descriptions/logs are user-provided/untrusted content that the agent must read, classify, and use to drive subsequent actions (branching, MR/issue creation, and ZenTao writeback), so third‑party content can materially influence behavior.