implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs gh issue view to fetch GitHub issue content (user-generated, potentially public/untrusted) and then reads and follows that issue/plan.md to determine implementation steps and commits, so external issue text can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the GitHub CLI at runtime ("gh issue view") to fetch a GitHub issue URL supplied via $ARGUMENTS (e.g., https://github.com///issues/), and the fetched issue content is used to drive implementation steps and thus directly controls the agent's instructions.