github-actions-cicd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow's security-scan and lighthouse jobs explicitly fetch and analyze public websites (e.g., zaproxy/action-baseline targeting "https://www.hack23.com" and treosh/lighthouse-ci-action scanning "https://www.hack23.com/" and "/services.html"), meaning the pipeline ingests untrusted third-party web content that could carry indirect prompt-injection risks.