health

Fail

Audited by Snyk on May 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The skill embeds numerous side-effecting workflows (auto-update/upgrade flows, telemetry toggles and analytics writes, CLAUDE.md routing injection and commits, vendored gstack migration that runs git rm & commits, brain/artifacts syncs) that go beyond "produce a read-only health dashboard" and can modify repo files, configs, or settings — i.e., deceptive/out-of-scope instructions even though they are not obfuscated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's Artifacts Sync and Context Recovery steps explicitly run gstack-brain-sync and git fetch/merge in the GSTACK_HOME repo and call gbrain doctor --json (Artifacts Sync / GBrain presence sections), then "read the newest useful" artifact into context—so it can fetch and ingest remote Git/GBrain-hosted content (potentially public/user-generated) that could influence tooling, suggestions, or next actions.

Issues (2)

E004 (CRITICAL): Prompt injection detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 11, 2026, 08:07 PM
Issues: 2