prd-to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read a PRD from a GitHub issue ("Ask the user for the PRD GitHub issue number or URL" and "fetch it with: gh issue view <number> --comments"), which is untrusted, user-generated third-party content that the agent must interpret and use to drive subsequent decisions and create issues.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs fetching the PRD at runtime with "gh issue view --comments", which pulls content from GitHub issue URLs (e.g. https://github.com///issues/) and that externally fetched content would directly control the agent's prompts and is required for the skill to run.