av-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly instruct the agent to fetch and adopt remote branches and PRs from GitHub (e.g., "av adopt --remote origin/", "av fetch", "av sync", and "av switch https://github.com/.../123" in SKILL.md/examples.md), which ingests user-generated public repo/PR content that the agent is expected to read and act on, allowing third-party content to influence subsequent tool actions.