XIP Writing (XerahS Improvement Proposals)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires reading and syncing GitHub issue bodies as the "source of truth" for XIPs (via the xip-sync workflow and sync-from-github.ps1), which are public, user-generated GitHub content that the agent is expected to ingest and whose text can directly influence actions, so untrusted third-party content could inject instructions.