daft-worktree-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to clone and operate on remote repositories (e.g., daft worktree-clone <url> in SKILL.md) and to read/execute repository-managed hooks/daft.yml and detected marker files, which are untrusted, user-generated third‑party content that can influence command execution and agent actions.