project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and updates arbitrary GitHub repositories (learn.ts, incubate.ts, reunion.ts using ghq get / gh repo and scripts/search.ts via the GitHub API) and then scans repository files (ψ/memory, learnings, retrospectives, docs) and indexes their contents (scripts/reunion.ts and scripts/index.ts), meaning untrusted, user-generated third‑party content from public GitHub can be read and used to drive indexing, spinoff/commit/push actions and other workflow decisions.