context-save

Fail

Audited by Snyk on May 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The skill embeds numerous side-effectful instructions unrelated to "save working context" (telemetry/brain sync, auto-upgrade and vendoring migration with git rm/commits, injecting CLAUDE.md routing rules, telemetry/remote-logging) that alter agent behavior and repo state beyond the stated purpose, so it contains deceptive/out-of-scope directives.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's preamble and "Artifacts Sync" steps explicitly run git fetch/merge on the GSTACK_HOME repo and call gstack-brain-sync / gbrain (and read a URL from ~/.gstack-artifacts-remote.txt and ~/.claude.json for remote MCP), which pulls and indexes remote Git/GitHub/GitLab artifacts and remote brain content into the agent's workspace — i.e., it ingests third-party repository/web-hosted content that the agent will read and use to influence decisions.

Issues (2)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 11, 2026, 08:07 PM
Issues: 2