github-scrum

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated GitHub content (issues, PRs, comments, and repo files) via MCP tools like mcp_github_github_issue_read/search/list_issues and the gh API/CLI in required workflows (e.g., Backlog Refinement, Sprint Planning, Definition of Done), so untrusted third-party content from GitHub can materially influence agent decisions and tool actions.