safe-git-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly performs "network_inspect" Git operations (SKILL.md: "git fetch, pull, push, ls-remote, submodule update, or any Git operation that contacts a Git remote") which contacts arbitrary remote repositories on the open web and requires the agent to interpret those remote responses to decide next actions, exposing it to untrusted third-party content.