git-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs fetching and checking out external pull requests (e.g., "git fetch origin pull/123/head:pr-123" and Example 3 "Fetch PR and create read-only worktree") and then reviewing and running tests on that code, which means the agent will ingest and act on untrusted, user-generated repository content that could influence subsequent actions.