using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required setup steps automatically run package install/build commands (npm install, cargo build, pip install / poetry install, go mod download) which fetch and execute code from public package registries (npm, PyPI, crates.io, etc.), exposing the agent to untrusted third‑party content that can influence tests, outputs, and subsequent actions.