terragrunt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's stack and unit workflows explicitly allow fetching remote modules from public git URLs (e.g., the "stack 'environment' { source = 'git::github.com/org/catalog.git//...'}" example and the references/units.md mention of "git::github.com/org/repo.git//modules/..."), meaning untrusted third-party module code would be fetched and executed as part of planning/applying and could materially influence tool behavior.