devstack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's bin/worktree feature (templates/bin-worktree and the SKILL.md step "Create bin/worktree") explicitly runs gh to fetch GitHub issue titles and PR branch names at runtime (fetch_issue_title / fetch_pr_branch using gh issue view and gh pr view), which are public, user-generated content that the agent/script reads, interprets (slugifies, uses as branch names), and even copies to the clipboard for subsequent agent sessions—so third‑party content can materially influence tool use.