github-script

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's examples and guidance explicitly import and execute external ESM modules from the checked-out repository (e.g., import(${process.env.GITHUB_WORKSPACE}/scripts/...) in references/examples.md and references/external-files.md), which are user-generated/untrusted code that the action runs and whose outputs can drive API calls and workflow decisions.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 12:18 PM