chezmoi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly loads and applies external, public sources defined in .chezmoiexternal.yaml / .chezmoiexternals (examples show GitHub archive/repo URLs and curl install scripts) and runs scripts/hooks that fetch/execute that content during chezmoi apply, so untrusted third-party content can be read and influence actions.