merge-cascade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes repository content from configured git remotes (e.g., fetching origin on GitHub and other remotes like gitlab in Step 3 and then reading/merging files and conflicts in Steps 5b–5c), therefore ingesting untrusted third-party repository content that can influence merge and resolution actions.