dev-cycle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on remote, user-authored forge and CI data (e.g., running git fetch/origin, git remote get-url origin for forge detection and gh pr view --json, gh pr checks --watch, glab ci status, and CI log inspection in SKILL.md Step B1/B6 and references/finish.md), so untrusted third-party PR/CI content can be ingested and materially influence push/merge/release actions.