brain-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly pulls and rebases from the remote repository specified in Step 3 (Option B) and Step 4-1 ("git ... fetch origin main" / rebase origin/main), meaning it ingests content from a user-provided GitHub URL which could be untrusted user-generated data that would update ~/.brain and thus materially influence agent behavior.