daily-meeting-update

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt explicitly instructs "Silent Detection" to probe local files and tooling presence "silently (suppress errors, don't show to user)," which is a hidden/deceptive instruction that contradicts the skill's stated consent-before-access principle and falls outside the advertised interactive standup purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls and displays user activity from third-party developer platforms—e.g., GitHub (via the gh CLI, listing commits/PRs and links like https://github.com/org/repo/pull/125) and Jira tickets—and uses those externally-sourced, user-generated titles/messages as context in the interview and final update, which exposes the agent to untrusted third-party content that could carry indirect prompt injection.