retro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs git fetch and numerous git log commands (e.g., "git fetch origin " and many "git log origin/ --since=...") and a global discovery flow that runs gstack-global-discover and then git fetch on discovered repos, meaning the agent ingests and interprets arbitrary, user-generated commit messages, PR titles, and repo contents from remote repositories (third‑party/untrusted sources) as part of its required workflow—these inputs can materially influence decisions and tool use.