workflow-preflight

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md Steps 1–2) runs git fetch and GitHub CLI commands (e.g., gh issue view, gh pr list) to read issues, PRs, titles, and branch refs from remote repositories/GitHub — user-generated, public content that the agent ingests and uses to decide actions (e.g., stop if a PR is merged), creating a clear vector for indirect prompt injection.