using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Run Project Setup" step explicitly tells the agent to run npm install, cargo build, pip install -r, and go mod download, which will fetch and install dependencies from public package registries (npm/PyPI/crates.io) — untrusted third‑party content the agent will ingest/execute and that can materially alter subsequent behavior.