ship-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly runs git commands that fetch and inspect remote repository data (e.g., "git remote get-url origin", "git fetch origin", "git log", "git rev-parse")—which can pull untrusted, user-generated content (branch names, commit messages, logs) from public git hosts and uses that content to decide actions like amend/rebase/push and which CLI (gh/glab) to invoke, creating a clear path for indirect instruction injection.