visualize-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls and interprets GitHub issue content (user-generated, potentially public) as input—see STEP 0's "GitHub issue" option and the SKILL.md logic that treats "#N" as an issue plus scripts/detect-plan-context.sh which calls gh issue view—so untrusted issue bodies are read and can materially influence planning, decisions, and follow-up actions.