worktree-feature-execution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (notably scripts/merge-pr.sh, scripts/open-pr.sh, and scripts/preflight-check.sh / sync-worktree.sh) call gh and git to fetch PR metadata, check statuses, and remote refs from GitHub/origin — user-generated, public/untrusted content that the agent parses and uses to decide merges and other actions.