design-shotgun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's preamble includes an automatic GBrain sync that runs git fetch/merge from a remote origin in ~/.gstack (pulling external repo content) and the workflow reads synced files (e.g., taste-profile.json, approved.json) to bias generation and routing; it also can open public URLs (e.g., https://garryslist.org) — together this shows the agent fetches and ingests third-party/untrusted content that can materially influence decisions.