aurora-sheets-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls and parses Google Sheets specified by spreadsheetId in aurora-sheets.config.json (see SKILL.md pull commands and scripts/aurora-sheets-sync/src/sync/sheet-to-yaml.ts), so untrusted/user-provided spreadsheet content is ingested and can directly alter YAML and subsequent actions.