github-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill’s runtime tools (e.g., scripts/github_project_setup.py, references/gh/*, and the ci_monitor.cjs workflow) explicitly call the GitHub API and gh CLI to fetch/list/read issues, PRs, workflow runs, project fields, labels, and milestones—these are public, user-generated GitHub resources that the agent reads and uses to decide and drive actions, so untrusted third‑party content could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch workflow .md files from the live documentation (e.g. https://docs.github.com/en/actions/reference/workflows-and-actions/) and use that content to drive workflow syntax/decisions, so the external URL is fetched during runtime and directly controls the agent's instructions.