git-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and checking out remote PRs and branches (e.g., "git fetch origin pull/123/head:pr-123" and creating worktrees from "pr-123"), which causes the agent to ingest and review user-generated third-party content from remote repositories.