git-worktree-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows (notably rules/patterns/code-review.md and creation/troubleshooting docs) explicitly instruct fetching and checking out public GitHub PRs and remote branches (e.g., "gw pr https://github.com/user/repo/pull/123", git fetch, gh pr), which are untrusted, user-generated third‑party sources that the agent is expected to read and act on, so they could enable indirect prompt injection.