lx-git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls arbitrary remote knowledge repositories by URL (e.g., "lx git clone 'https://lexiangla.com/spaces/sp_xxx'" in SKILL.md and references/git.md), ingesting untrusted/user-generated content into the worktree that the agent reads via commands like lx git diff/status/log and that can materially affect actions (pull/push/revert), so third‑party content could indirectly inject instructions.