pr-build-status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's PowerShell scripts (Get-PrBuildIds.ps1, Get-BuildInfo.ps1, Get-BuildErrors.ps1, Get-HelixLogs.ps1) explicitly fetch and parse data from public third-party endpoints (via gh pr checks for GitHub and Invoke-RestMethod calls to dev.azure.com and helix.dot.net) and then interpret those logs/results to decide which jobs/tests failed and whether to fetch console logs, so untrusted, user-generated content can directly influence the agent's actions.