gh-fix-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and bundled script (scripts/inspect_pr_checks.py) explicitly fetch and read GitHub PR check details and GitHub Actions logs via gh commands (e.g., gh run view --log, gh api "/repos/.../actions/jobs/.../logs"), which are public, user-generated/untrusted third-party content that the agent ingests and summarizes.