jj

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md and git.md) instruct the agent to run network operations like jj git clone and jj git fetch which import commits, bookmarks, and files from public Git remotes (e.g., GitHub/GitLab), and the agent is expected to read/inspect that imported repository content (jj log/show/file) and make follow-up decisions (rebase, push, resolve conflicts), so untrusted third-party repo content can materially influence tool use and next actions.