mistral-ci-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The GitHub Actions workflows run on pull_request and explicitly read and execute against repository/PR-provided files (e.g., src/prompts read by scripts/estimate-costs.ts, the prompt regression tests in tests/ai, and the model-gate grep over src/), using model outputs to pass/fail tests and annotate PRs, so untrusted user-contributed content in PRs can influence agent behavior.