personal-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s runtime workflow reads and executes prompt files from LOOP_DIR/*.md (e.g., Load F as the active review prompt for this stage), so if those prompt files are outsider-authored, their free-text contents are ingested into the agent’s LLM context via the “load F” step.