gastown-rig-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow explicitly clones and inspects arbitrary Git remotes (Prerequisites: "Git remote URL" and Steps 1–3), so the agent will fetch and read user-provided repository files (e.g., .beads/metadata.json) from untrusted third-party sources which can materially change behavior.