Logging and Monitoring for Agentic Workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's GitHub Actions workflow example (.github/workflows/alert-rules.yml) explicitly fetches recent workflow runs via actions/github-script (github.rest.actions.listWorkflowRunsForRepo) and parses those third-party/user-generated run records to compute metrics and automatically create issues and send alerts, meaning untrusted external content is ingested and can directly drive tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The GitHub Actions workflow in the skill uses external action references (uses: actions/github-script@v7 and uses: mxschmitt/action-tmate@v3), which are fetched and executed at workflow runtime on GitHub runners and are required for the job steps, so remote code from those external repositories will run during skill execution.