jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to perform remote operations like "jj git fetch" and to inspect commits/diffs (see "Remote Operations" and "Cleaning Up Before Push"), which causes it to fetch and read content from public/untrusted git remotes (e.g., GitHub) containing user-generated commits that could influence follow-up actions.