obsidian-log-commits

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use the GitHub CLI/API (e.g., "gh repo list", "gh api /user/orgs") to fetch repository commits, meaning it ingests untrusted, user-generated commit messages from public third‑party GitHub repos and uses them to decide what to log and to synthesize actions, so those external messages could influence behavior.