git-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and inspect arbitrary remote repositories and hosting platform data (e.g., git clone , git fetch/pull, git show :, gh/glab/az/bitbucket PR commands and git clone --mirror ), which means the agent would ingest untrusted, user-provided content from public GitHub/GitLab/Bitbucket/Azure DevOps repositories and related PRs/commits.