jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to clone and fetch remote repositories (e.g., "jj git clone " and "jj git fetch"), meaning the agent will ingest and act on untrusted third-party repository content (code, commits, messages) which can materially influence subsequent actions.