ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The included script (scripts/ci.mjs) calls the GitHub CLI (e.g., gh api repos/${REPO}/actions/jobs/${jobId}/logs and run view) to fetch GitHub Actions job logs and commit-status target URLs, and SKILL.md explicitly requires extracting npm test/lint commands from those untrusted, user-generated CI logs and then executing them, so third-party CI log content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the GitHub API at runtime (e.g., via gh api repos/${REPO}/actions/jobs/${jobId}/logs) and parses those fetched logs to generate and drive suggested test/lint commands that control what the agent/operator will run locally, so external content directly influences agent instructions.