obsidian-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's instructions (references/agent-dos-donts.md and other SKILL.md guidance) explicitly tell the agent to clone and read external repos into a .ref folder (and to consult files like .ref/obsidian-api/obsidian.d.ts), which means the agent will fetch and interpret arbitrary third‑party repository content that can influence subsequent actions.