boxyard-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly includes fetching from arbitrary remote sources (e.g., "boxyard new --git-clone git@github.com:..." and rclone-backed remote stores / sync operations) and documents that per-box conf files (conf/.rclone_include, .rclone_exclude, etc.) are read and applied during sync, meaning untrusted third-party/user-provided content can be fetched and can materially change sync/tool behavior.