taubyte-core-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning and reading third-party GitHub repositories and config files (e.g., "tau clone website", and reading [project]/config/websites/[name].yaml to extract source.github.id / source.github.fullname) and then uses those values to drive commands and deployments (dream inject push-specific, npm run displace), so untrusted user-generated content can directly influence tool use and next actions.