pipelines-health-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required scripts explicitly fetch and parse public, user-generated content—e.g., GitHub PR comments in check-vmr-codeflow.ps1 (Get-IncludedUpstreamPRs calling repos/.../issues/{PullNumber}/comments) and Azure DevOps build timelines in check-pipeline-health.ps1 (az rest against dev.azure.com)—and then use those parsed messages to drive failure-correlation, subagent investigations, and remediation recommendations, so untrusted third-party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's "For build errors" subagent instructs acquiring and running an external binlog analysis skill (link: https://github.com/ViktorHofer/dotnet-skills/blob/main/msbuild-skills/skills/binlog-failure-analysis/SKILL.md) and to spawn remote code at runtime via "dnx -y baronfel.binlog.mcp@0.0.13", which would fetch and execute external code used to drive the agent's analysis — a runtime external dependency that executes remote code.