generate-ci-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and examples explicitly accept and parse open URLs and CI logs (e.g., "Parse Input (URL/log/description)" and the example "/acc:ci-fix https://github.com/org/repo/actions/runs/12345"), showing it fetches and interprets public, user-generated CI pages/logs which can directly influence automated fix generation and application.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly includes destructive, system-level commands (e.g., "sudo rm -rf /usr/share/dotnet" and "sudo rm -rf /opt/ghc" plus "docker system prune -af") that require elevated privileges and modify host system state.