atmos-gitops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly run "atmos describe affected" which clones/compares PR branches/commits (reading repository and PR content) and the drift-remediation action reads GitHub Issue metadata to decide whether to run applies, meaning it consumes user-generated GitHub/repo content that can directly influence tooling and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill references and runs GitHub Actions (e.g., https://github.com/cloudposse/github-action-setup-atmos used via "uses: cloudposse/github-action-setup-atmos@v2") which are fetched and executed at workflow runtime, so external repository code is executed and relied upon by the skill.