make-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's startup and rendering flows fetch and ingest remote, user-controlled content — notably the Artifacts Sync step which runs git fetch/merge and calls gstack-brain-sync (pulling artifacts/GitHub-like repos and gbrain data), and the renderer/browse path which can fetch external images when --allow-network is enabled — any of which can supply untrusted, third‑party markdown/HTML that the agent will read and which the skill uses to influence search, routing, or behavior.