worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Run Project Setup" step explicitly runs package manager commands (npm install, pip install -r requirements.txt, poetry install, cargo build, go mod download) which fetch and execute code from public package registries (untrusted, user-published sources), allowing third-party content to influence the agent's runtime and actions.