markbase-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs "git pull" at session start and then uses markbase commands like "markbase note render" and "markbase query" to read and act on vault files (including remotely committed notes), so untrusted/user-generated repository content can be ingested and materially influence routing, template selection, note creation, and subsequent update actions as described in SKILL.md.