github-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows in SKILL.md explicitly read GitHub repository and PR/run data (e.g., "gh pr view ... | npx ruv-swarm actions pr-validate", "gh run view", "gh run download", and templates that feed repo/PR/commit outputs into ruv-swarm and even "--auto-execute" deployment), which are untrusted, user-generated third-party contents that the agent is expected to interpret and that can drive actions like creating issues, comments, PRs, or deployments.