micropatch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows (references/create.md and references/apply.md) explicitly require the agent to read and inspect upstream repositories (e.g., "a clean folder diff against a fresh upstream clone", "scout the patch and the target upstream", and "inspect the current upstream"), which can be arbitrary public/untrusted repositories whose content the agent must interpret and which can materially affect subsequent patching decisions.