using-git-worktrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill auto-runs project setup commands (e.g., "npm install", "pip install -r requirements.txt", "cargo build", "go mod download") which fetch and install dependencies from public package registries (untrusted third-party/user-generated content) and then reads/interprets build/test outputs as part of its workflow.