git-fork-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs running commands like "git fetch upstream", "git log upstream/main..origin/main", and "gh repo sync" which retrieve and require interpreting content from the upstream GitHub repository (an untrusted, third-party user-generated source) to decide sync strategies, so third-party content can directly influence agent actions.