af

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md shows Tower auto-loads cron YAMLs from .af-cron/ that run commands like "gh run list" (fetching GitHub/run data from a third‑party, user-generated source) and then uses the command output in "condition" and "message" to drive alerts/actions, so untrusted external content can directly influence workflow and decisions.