graphite-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SessionStart hooks and delegated Task subagents automatically ingest and parse verbose outputs from git and Graphite CLI commands (e.g., gt pr info, gt stack, git log --graph) which can contain untrusted, user-generated content from remote PRs/comments and public repositories, so the agent will read/interprete third-party data as part of its workflow.