plan-viz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts GitHub issue references and, per SKILL.md and scripts/detect-plan-context.sh, calls "gh issue view #N" to pull and extract an issue's body (public user-generated GitHub content) which the agent uses to drive plan extraction and subsequent actions, exposing it to untrusted third-party instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs gh issue view to pull GitHub issue content at runtime (e.g., via the GitHub API https://api.github.com or the issue URL https://github.com/:owner/:repo/issues/:number), and that fetched issue body is used to extract requirements and drive the agent's prompts/instructions, so external content can directly control the agent.