new-branch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow (workflows/issue-branch.md step 1) runs "gh issue view --json number,title,state" to fetch GitHub issue data (user-generated, potentially public), reads the issue title to compute the branch name and make branching/switching decisions, so untrusted third-party content directly influences agent actions.