selftune

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill explicitly ingests and reads user-generated session data from other platforms (see SKILL.md: "ingesting sessions from other platforms" and CLI entries like selftune ingest codex / selftune ingest opencode), and those logs are used by autonomous loops (selftune orchestrate, evolve, watch) to generate and deploy evolution proposals that can change agent behavior, so untrusted third‑party content can materially influence actions.