vault-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow (Workflows/ImportFiles.md and Workflows/Setup.md) explicitly tells the agent to "Sort everything in inbox/" and states "Claude will read each file, infer its topic, and move it" (and the import scripts copy arbitrary .md/.pdf/.docx files into inbox/), so the skill ingests arbitrary user-supplied/untrusted documents whose contents directly influence agent actions.