git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly runs forge and git remote operations (gh/glab/fj commands, git clone/fetch, glab/gh API calls and curl to forge endpoints) and instructs the agent to read PR/MR lists, issue/PR descriptions, CI status and remote repo contents from GitHub/GitLab/Forgejo or cloned public repos—untrusted, user-generated third‑party content that the agent is expected to interpret and that can change subsequent git/merge/push actions.