chatwit-upstream-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and inspect the public upstream GitHub repository (e.g., "git fetch upstream" with upstream https://github.com/chatwoot/chatwoot.git and subsequent git log/PR parsing in Phase 2/2R), meaning the agent ingests and acts on untrusted, user-authored content from the open web to decide merges and conflict resolution.