cso

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses WebSearch and gbrain/artifacts sync (e.g., git fetch/merge and ~/.claude/skills/gstack/bin/gstack-brain-sync) and Phase 8/skill-supply-chain workflows (plus optional global-skill scans) that fetch or ingest content from remote public repos/web pages and SKILL.md files, so untrusted third‑party content could be read and influence the agent's analysis.