moai-workflow-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests content from remote Git repositories (e.g., "fetch latest changes from remote" and moai-worktree sync described in SKILL.md and modules/moai-adk-integration.md), which is user-generated/untrusted content that the agent is expected to read/interpret (documentation generation, sync/merge decisions, PR creation) and can materially influence subsequent actions.