ci-cd-ops

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow examples explicitly pull and run code and data from public third-party sources, e.g., "uses: org/shared-workflows/.github/workflows/test.yml@main", marketplace actions like googleapis/release-please-action@v4 and docker/metadata-action@v5, and external HTTP checks such as "curl -s https://example.com/slot" and "https://metrics.example.com/error-rate". Those external artifacts and their outputs are used in conditionals and subsequent steps (e.g., if: steps.release.outputs.release_created, health-check-driven deploy/promote/rollback), so untrusted third-party content can materially influence behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:05 PM