contribute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interacts with remote repositories and PRs (e.g., "git town sync" fetches from origin/upstream, "git town propose" opens the upstream PR page, and gh pr view --json ... reads PR data) which are untrusted/user-generated third‑party contents that the workflow reads and uses to decide next actions.