closed-loop-delivery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to "fetch PR comments/reviews" (Default Workflow step 4) and defines a PR Comment Polling Policy, and even gives a DoD example that checks a third-party payment URL, meaning the agent will ingest user-generated/untrusted PR content and external URLs and act on them (classifying comments, making fixes, and driving deployments), which could enable indirect prompt injection.