pi-workspace-prompts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch templates from slugs or owner/repo (see "preview <slug|owner/repo>" and the compose step "mise run prompts -- --preview " → 템플릿 fetch), so the agent ingests untrusted public repository/user-generated content that is used to synthesize agent behavior and can alter subsequent actions.