make-github-actions-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow instructions explicitly read and act on user-generated GitHub content (e.g., context.payload.pull_request, github.rest.issues.listComments, and repos.getContent in SKILL.md) — untrusted PR bodies, issue comments, and repo files are ingested and used to gate actions or skip processing, which could allow indirect instruction injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill recommends using the external GitHub Action "actions/github-script@v8" (https://github.com/actions/github-script), which will be fetched and executed at workflow runtime and therefore represents an external runtime dependency that executes remote code.