git
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill invokes gh commands that fetch PR metadata and comments from GitHub (references/pr-review-workflow.md and references/worktree-summary.md use "gh pr view --comments" and "gh pr list ... --json"). This is user-generated, third-party content that the agent is expected to read and that can influence its decisions and actions (e.g., whether to fix, push, or delete worktrees).
Issues (1)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata