restic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and references clearly instruct runtime interactions with arbitrary external backends and downloads — e.g., installing rest-server via "wget https://github.com/restic/rest-server/..." in references/common-patterns.md and use of RESTIC_REPOSITORY URLs (s3:, sftp:, rest:) in SKILL.md — meaning the agent will fetch and interpret untrusted third-party repository contents and web resources (snapshots, metadata, docs) that can materially affect subsequent restore/prune/tool actions.