dev-swarm-project-restore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports restoring from remote git repositories (references/external-restore.md) and instructs scanning repository files to reconstruct documentation and drive restore decisions (references/reverse-engineering.md), so the agent will fetch and interpret arbitrary third-party repo content that can influence its actions.