prd-to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md, "Locate the PRD" step) instructs the agent to fetch a user-provided GitHub PRD via gh issue view <number> and "read and internalize the full PRD content (with all comments)," which ingests untrusted, user-generated third‑party content that will directly influence the agent's decisions and tooling actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches a user-supplied GitHub issue at runtime using "gh issue view " (e.g., https://github.com///issues/), and that fetched PRD content is read and internalized to drive the agent's instructions and outputs, so it is a required external dependency that directly controls prompts.