treeherder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md and referenced docs explicitly instruct calling Treeherder's public REST API (e.g., https://treeherder.mozilla.org/api/ and the /jobs/{job_id}/bug_suggestions/ endpoint) and using treeherder-cli / lumberjackth to fetch job logs, error lines, and bug suggestions — untrusted, user-generated third-party content that the agent is expected to parse and use to influence failure classification and follow-up actions.