dayu-harness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). Runtime path: the skill’s LLM context can include free-form text from the target project’s existing docs//AGENTS.md/CLAUDE.md (e.g., in fusion/maintenance/diagnosis it reads and summarizes description_nl from audit.sh/diff-helper.sh and presents it to the user), and those files are outsider-authored relative to the operating user.