wait-for-ci
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's wait-ci.sh script (and SKILL.md) fetches CI run metadata and log excerpts via third-party CLIs (gh/glab/vercel); for example, the output of gh run view --log-failed is placed in the JSON "details" field. SKILL.md explicitly instructs the agent to read those details and act on them (merge, fix, proceed), so untrusted CI logs and run data from GitHub/GitLab/Vercel can materially influence agent decisions.
Audit Metadata