sync

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly runs "git fetch {REMOTE}" / "git pull {REMOTE} {DEFAULT_BRANCH}" and reads commit/branch data (see Subagent Prompt step 3, main_message=$(git log -1 --format=%s), and the branch-cleanup steps), which ingests user-generated content from a remote repository; that content can change pull/merge/rebase behavior and thus materially influence the actions the skill takes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 11:59 AM