ak-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow explicitly directs the agent to read repo CONTRIBUTING.md and source files, PR bodies/diffs via "gh pr view"/"gh pr diff", agent/task notes, and visit staging/preview URLs (all user-generated or public web content) as part of its mandatory create→assign→monitor→review→merge/reject flow, so untrusted third‑party content can directly influence tool actions and decisions.