requirements-ticket-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and parses the most recent JSON from the configured issue tracker (specified via /orchestra-config.json, e.g., "linear") and uses that user-generated comment as primary context to decide which artifacts to read, what clarifying questions to ask, and whether to invoke downstream agents, so untrusted third-party content in issue comments could materially influence behavior.