superdisco-moai-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and syncing from the upstream public repository "modu-ai/moai-adk" (e.g., "git fetch upstream" and the sync_upstream.py workflow), so the skill ingests external, untrusted repository content that could alter agent behavior.