project-artifact

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context when the skill “Pull[s] whatever the domain gives you cheaply — always live” for software projects, including PR bodies/review thread content via gh pr view <n> --json body and GraphQL review thread data; those are third-party authored texts (outsider) that the agent summarizes into the published HTML/artifact-state.