plan-design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Artifacts Sync and preamble explicitly run git fetch/origin and gstack-brain-sync and read a user-configured ~/.gstack-artifacts-remote.txt / ~/.gstack-brain-remote.txt (which can contain arbitrary remote repo URLs) to pull artifacts and gbrain data into the review flow, meaning external/public repo content can be ingested and influence tool choices and review decisions.