jujutsu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs the agent to read and act on repository data from remotes (e.g., "jj git fetch", "jj log", "jj log -T '...description...'", and other Git Interop / Revset examples) which are untrusted, user-generated third-party contents (commit messages, descriptions, and remote history) that the agent is expected to interpret and that can materially influence actions like rebases, merges, and pushes.