worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's PR review and remote-tracking examples explicitly instruct fetching and checking out remote branches (e.g., "git fetch origin pull/123/head:pr-123" and "git worktree add --track -b feature ../feature origin/feature"), which causes the agent to ingest and read untrusted, user-generated repository content from third-party remotes.