git-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls out and automates GitHub API/CLI queries (e.g., references/claude-code-hooks.md merge-gate.sh and SKILL.md / references/pull-request-workflow.md) that fetch PR state and review threads (user-generated content) and uses those results to allow/deny merges, so it ingests untrusted third-party content that can influence agent actions.