war-room

Warn

Audited by Snyk on May 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's "Prior Decision Check" (modules/discussion-publishing.md) explicitly runs gh api GraphQL searches against GitHub Discussions and ingests discussion bodies (user-generated, third-party content) before Phase 1 to decide whether to skip or proceed, meaning untrusted discussion text can directly influence routing and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly encourages bypassing security controls (e.g., "claude-glm --dangerously-skip-permissions") and mandates running CLI workflows and persistent agent processes that can change host state, so it pushes the agent toward compromising the machine's security posture.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 3, 2026, 07:30 PM
Issues: 2