managing-branches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and inspects content from a repository remote (e.g., git pull origin in scripts/branch-manager.py, checks for origin/ and git fetch origin pull/123/head in the worktree/README examples), and it parses branch names, commit logs and PR refs (user-generated/untrusted) which are then used to decide merges, tagging, worktree creation, and other actions—so third-party content can materially influence tool behavior.