refine-daily-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests user-generated third-party content via Phase 1b "Slack Activity Scan" (read-slack-activity) and Phase 1d "GitHub Activity Scan" (read-github-activity) and then reads and interprets those messages/PRs to summarize activity, suggest time entries, enrich notes, and create/update files—behavior that could be influenced by malicious or arbitrary third-party content.