woostack-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, the skill fetches and ingests outsider-authored PR content (e.g., prefetch.sh downloads the PR diff/body via gh and writes it to $OUTDIR/diff.txt/meta.json, which are then read by angle sub-agents and included in LLM context), enabling indirect prompt injection through attacker-controlled code/comments.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)