recap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's fetcher scripts (e.g., github-activity and basecamp-activity invoked in "Step 2: Fetch Activity" in SKILL.md) pull user-generated PRs/messages/commit data into cached JSON under ~/.cache/recap, which the Reporter (Step 3) and Editor (references/*.md) explicitly read and synthesize as part of their workflow—so untrusted third-party content is ingested and can influence narrative composition.