harden-github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the operator to "MUST fetch its README on GitHub and read the documented permission requirements" (references/permission-mappings.md), which forces the agent to fetch and interpret untrusted, user-generated public GitHub content that can materially influence permission decisions and subsequent workflow changes.