av-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells agents to fetch and adopt remote branches and PR data (e.g., av fetch, av adopt --remote origin/, av switch https://github.com/.../pull/123 and to read .git/av/av.db's pullRequest.permalink), which causes the agent to ingest and act on untrusted, user-generated content from GitHub remotes that can change tool actions and decisions.