document-release

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on user-generated remote content — e.g., it calls gh pr view --json body / glab mr view to read and gh pr edit / glab mr update to write PR/MR bodies, and it also consumes external artifact/brain remote URLs (via ~/.gstack-artifacts-remote.txt and gbrain remote mode); these are third-party, user-provided sources that the agent interprets and uses to decide and perform edits.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 15, 2026, 05:28 PM
Issues: 1