git-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls out commands that read GitHub and repository content—e.g., gw gh pr view, gw gh issue view, gw gh api, gw context, and gw --json git pr-prep—which ingest user-generated, public GitHub PRs/issues/commit messages that the agent is expected to read and use to drive decisions and actions, allowing indirect prompt injection from untrusted third-party content.