release-guard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run GitHub CLI/API commands in SKILL.md and ci-reference.md (e.g., gh pr view, gh run list, gh run view, gh api repos/:owner/:repo/...) to fetch PRs, CI runs, and branch-protection from public GitHub repositories — untrusted, user-generated content the agent must read and use to decide whether to allow a release, so it can materially influence behavior and enable indirect prompt injection.