debugging-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to download and parse GitHub Actions run artifacts and logs (via "gh aw logs" and "gh aw audit" in the "Downloading Workflow Logs" and "Auditing Specific Runs" sections), which are arbitrary, user-generated content from repositories and are read/used to drive analysis and decisions (e.g., safe_output.jsonl, agent_output, workflow-logs), creating a clear avenue for indirect prompt injection.