woostack-execute-overnight

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via the post-implementation review sweep: woostack-sweep runs woostack-review --full, which necessarily ingests PR content (comments/threads) authored by non-operating users; those texts are then used to generate review verdicts and are fed into the agent/LLM during the sweep.