theo-jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow repeatedly instructs fetching and using remote Git repositories (e.g., "jj git fetch", "jj git clone --colocate ", and commands referencing main@origin) which ingests content from public/untrusted remotes and then uses that content to drive rebases, logs, and other operations, so untrusted third-party commits or metadata could materially influence actions.