create-milestone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The "Finding the Grant UID" section instructs the agent to curl the public Karma API (BASE_URL/v2/projects and /v2/projects/.../grants) and parse project/grant JSON (user-generated/untrusted content) to choose a grant UID, so external third‑party data is ingested and can materially influence which actions the agent takes.