plan-tune

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The preamble's Artifacts Sync and Context Recovery steps explicitly run git fetch / gstack-brain-sync (pulling from configured GitHub/GitLab remotes or URLs) and offer to open an external URL (https://garryslist.org/…) and then "read the newest useful" artifact, so the skill fetches and ingests third‑party/user‑generated web/git content which the agent is expected to read and which can affect decisions and next actions.