setup-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly runs remote sync and fetch operations (e.g., "git fetch origin && git merge ...", "~/.claude/skills/gstack/bin/gstack-brain-sync --once") and then "read[s] the newest useful" artifact in the Artifacts Sync / Context Recovery sections (and can optionally open an external URL), so it ingests content from third‑party git/GitHub/GitLab artifacts and public web pages that the agent will read and could change subsequent actions.