daily-meeting-update

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt explicitly instructs "Silent Detection" to probe local files and tooling presence "silently (suppress errors, don't show to user)," which is a hidden/deceptive instruction that contradicts the skill's stated consent-before-access principle and falls outside the advertised interactive standup purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls and uses user-generated content from third-party sources—GitHub/Git and Jira (commits, PRs, reviews, ticket descriptions as described in Phase 1/Step 3) and local Claude Code session files under ~/.claude/projects via scripts/claude_digest.py—and presents that content as context that influences interview questions and the generated update, so untrusted third-party content could indirectly inject instructions that affect behavior.