ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly instructs the agent to read and act on user-generated GitHub content (e.g., using gh pr checks/view, gh run view --log-failed, verifying review artifacts via bin/find-artifact.sh and reading PR bodies/CI logs) which are third‑party, untrusted inputs that the agent must interpret and that can change its actions (merge/rollback/fixes).