1. Live Prompt Injection via Hardcoded expertise-api Endpoint Exposes Claude Code, Copilot Users
A critical security vulnerability in the expertise pipeline exposes users to session-scoped prompt injection. The `UserPromptSubmit` hook (`hooks/expertise-preflight.sh`) automatically calls `${EXPERTISE_API_URL}/expertise/search` on every prompt submission and injects the API response into the `systemMessage` field, w...