huly-assist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md) explicitly reads user-generated workspace content via the HULY_HOST CLI commands (e.g., "huly docs read", "huly tasks", "huly task ...", "huly docs list"), meaning it fetches and interprets documents and task descriptions from a third-party Huly instance that could contain untrusted instructions affecting agent decisions.