workspace-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's import flow explicitly fetches and parses arbitrary URLs (see "Import from URL" in SKILL.md) and scripts/init-workspace.sh uses curl/wget to write remote content into WORKSPACE.md which the agent will parse and act on (e.g., create projects, clone repos), allowing untrusted third-party content to influence subsequent actions.