faf-wizard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The required runtime workflow (“faf auto” / context mining) ingests readable text from the target project’s files—especially README/docs and generated project.faf—which are authored by parties other than the operating user when the user points it at an arbitrary external OSS/client repo, creating an indirect prompt-injection path into the agent’s LLM context.