sre

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md promotion pipeline and diagnostic steps explicitly instruct the agent to read and act on third-party CI/artifact sources (e.g., "flux list artifact oci://ghcr.io//platform", GitHub Actions workflow logs, OCIRepository status checks in the "Promotion Pipeline Debugging" section), which are user-generated/untrusted external content and are used to drive decisions and next actions, so they could enable indirect prompt injection.