realm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's serve.py and workflow explicitly ingest and parse user-generated repository data (get_recent_commits reads git log from the TARGET_DIR repo, get_journal_changes reads .agents/*.md, and parse_realm_state reads .agents/realm-state.md) and then uses commit messages, journal content, and parsed state to award XP, trigger rank-ups/badges, and drive events/HTML outputs—so untrusted third-party content could materially influence the agent's decisions and outputs.