done

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls GitHub/GitLab operations (e.g., gh pr list, wt switch pr:{N} which fetches PR/MR refs and fork URLs) and uses branch diffs and LLM-generated messages (shown in wt step/merge workflows) so it clearly ingests public, user-generated PR/fork content that can influence posting comments, commit messages, and merge decisions.