jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs fetching public repositories (e.g., "jj git clone https://github.com/owner/repo" and "jj git fetch") and includes commands to show file contents and logs (e.g., jj file show, jj log), which means the agent would ingest and act on untrusted, user-generated third-party repository content from places like GitHub.