action-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and parse workflow files and action repos via gh search code and gh api repos/<owner>/<repo>/commits/<ref>, which ingests user-generated content from public GitHub repositories (third-party actions and workflow files) and uses those results to decide remediation and resolved SHAs.