configure-reusable-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required caller workflow templates and REFERENCE.md explicitly reference and will cause GitHub Actions to fetch and execute third-party reusable workflows from the public laurigates GitHub repo (e.g., "uses: laurigates/.github/.github/workflows/reusable--.yml@main"), which are untrusted external content that can supply Claude-driven instructions affecting CI behavior.