using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Creation Steps" / "Run Project Setup" explicitly runs package manager commands (npm install, cargo build, pip install, go mod download) which will fetch and execute dependencies from public package registries (npm, PyPI, crates.io, etc.), i.e., untrusted third‑party content that can materially influence subsequent actions.