ci-autofix-reusable
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The workflow's "Run Claude auto-fix analysis" step (prompt) explicitly tells Claude to read CI failure logs saved from GitHub (${{ steps.context.outputs.context_dir }}/failure-logs.txt and failed-jobs.txt, populated via gh run view / gh pr list). These logs are user- or PR-generated, untrusted content, and they are used to drive actions such as creating PRs or issues.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The workflow invokes the external GitHub Action "anthropics/claude-code-action@v1" (https://github.com/anthropics/claude-code-action) at runtime. This action is fetched and executed by the runner and is responsible for running the provided "prompt" and the agent interactions, making it a required external dependency that directly executes remote code and controls agent behavior.
Audit Metadata