setup-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Artifacts Sync" and preamble explicitly run git fetch/merge and call gstack-brain-sync (and read ~/.gstack-artifacts-remote.txt and remote gbrain URLs), then "If artifacts are listed, read the newest useful one", so it pulls and ingests remote/user-generated repo/brain artifacts which the agent is expected to read and that can influence routing/config and subsequent actions.