war-room

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Prior Decision Check" in modules/discussion-publishing.md issues GitHub GraphQL search queries against Discussions (gh api graphql) and ingests those public/user-generated discussion bodies to present prior decisions and potentially skip or alter the War Room flow, which exposes the agent to untrusted third‑party content that can materially change behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit CLI instructions that encourage bypassing security checks (e.g., "claude-glm --dangerously-skip-permissions") and mandates executing local tooling (tmux, gh api, writing to ~/.claude) and publishing workflows, which push the agent toward actions that can alter the host environment and circumvent permissions.