bitwarden-workflow-linter-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "step_pinned" rule explicitly instructs the agent to resolve commit SHAs via the public GitHub API (gh api repos/{owner}/{repo}/commits/{ref}), so the skill fetches and acts on untrusted, user-generated repository content from the open web which can materially influence fixes.