git-merge-expert-worktree

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and merges remote branches/PRs (e.g., "git fetch origin pull/77/head:pr-77" and "git merge --no-ff origin/feat/my-feature") and instructs the agent to read and resolve files in the worktree, which means it ingests untrusted, user-generated repository content from third-party remotes that can materially influence merge decisions and subsequent tool actions.