daily-meeting-update

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt explicitly instructs "Silent Detection" to probe local files and tooling presence "silently (suppress errors, don't show to user)," which is a hidden/deceptive instruction that contradicts the skill's stated consent-before-access principle and falls outside the advertised interactive standup purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly pulls and displays user-generated third-party content from GitHub/Git (via gh/git) and Jira (via jira CLI) — e.g., commits, PRs, reviews, and ticket descriptions in "Phase 1: Pull GitHub/Jira Data" and then "show pulled data as context" during the Phase 2 interview — which exposes the agent to untrusted external content that could contain indirect prompt injections.