book-writing-workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit git fetch/pull steps in its required prompts and instructions (e.g., references/prompts/gpull.prompt.md, .github/copilot-instructions.md, and AGENTS.md quick commands) which cause the agent to fetch and then read repository changes from a remote (potentially public/untrusted) origin that could contain user-generated instructions influencing subsequent agent actions.