plan-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the planner subagent to read GitHub Actions logs from a provided GitHub Actions URL ($ARGUMENTS), which are public/user-generated third-party artifacts the agent will fetch and interpret, exposing it to indirect prompt injection.