brag-sheet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The Backfill Workflow explicitly instructs the agent to read user-generated third-party content — e.g., "gh pr list --author @me" (PR history), "git log ..." (commit messages), and Copilot session files under ~/.copilot/session-state/ — which the agent parses and uses to draft entries, so untrusted external content can influence its decisions and outputs.