bonfire-end

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads external PR/issue links and runs "gh pr view" (Step 7.1) and scans "stale external links" in .bonfire (Step 6.1), so it ingests user-generated, public GitHub content which the agent will read and interpret as part of its workflow.