session-support

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CLI can clone arbitrary template repositories using execSync(git clone ${template.url} ...) in scripts/manage-dev.ts (with template URLs configured via scripts/templates.json), and then reads/parses files from the cloned repo such as CONTEXT.md and ROADMAP.md (parseContext/parseRoadmap), so untrusted public repository content could be ingested and influence the agent's workflow.