create-workspace

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly resolves and clones arbitrary public repositories (Step 1 "Resolving repository references", including a web-search fallback to find repo URLs; Step 4 "Resolve and clone repositories"; and Step 5 cloning dependencies) and then reads/inspects those repos (e.g., running git status/git log and reading docs/deps), so untrusted, user-generated third-party content could materially influence agent decisions and tool use.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 04:06 AM