Repository text is not automatically trusted
Markdown, tickets, comments, test fixtures, logs, and copied prompts can contain instructions that conflict with the team's actual task and security boundaries.
Tool access raises impact
Prompt injection becomes more dangerous when an agent can run commands, upload files, call external services, change workflows, or access secrets.
Policy should name untrusted sources
CapitalGuard policies identify untrusted instruction locations and require human approval before operational actions are taken from repository text.
