using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's PR-review flow explicitly requires resolving "the PR head branch from GitHub" (and runs fetch origin), which pulls user-generated content/metadata from a public third-party service that the agent uses to decide which branch/worktree to create.