jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes executing remote operations (see "Remote Operations" and "Cleaning Up Before Push" where it instructs running commands like jj git fetch, jj git fetch --remote origin, and references GitHub), which means the agent will ingest untrusted public repository content (commits/PRs/messages) that can materially influence rebase/push decisions and subsequent actions.