snap-ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Analyze" step explicitly fetches linked issue bodies and comments and recurses through public PRD/epic/breakdown links on GitHub, ingesting user-generated third-party content that the agent uses to bound PR title/body/closure claims, so untrusted content can influence behavior.