peach-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads remote repository and PR data (e.g., git fetch origin --prune, gh pr view / gh pr status used throughout SKILL.md and the references/*.md workflows) — user-generated/untrusted PR/repo content is interpreted as part of decision logic (merge/cleanup/branch deletion), so third‑party content can materially influence actions.