using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Run Project Setup" steps (npm install, cargo build, pip install -r, poetry install, go mod download) explicitly fetch and install packages from public registries, ingesting untrusted third‑party code that can materially influence subsequent actions.