gh-subtrees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The sync sub-skill and status script explicitly fetch and inspect remote GitHub repositories (git fetch, git log against remote refs, git diff between HEAD:$prefix and remote/$branch, and rsync from worktrees) and the AI is required to read and interpret that remote repo content to classify push/pull actions and to generate commit messages, so arbitrary third-party repository content could influence tool decisions and next actions.