configure-reusable-workflows

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow templates and REFERENCE.md explicitly create GitHub Actions callers that "uses: laurigates/claude-plugins/.github/workflows/reusable-<...>.yml@main", which causes GitHub to fetch and execute reusable workflow files from a public, third-party GitHub repo (laurigates/claude-plugins) that can contain prompts or instructions influencing CI behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's generated workflows use remote reusable workflows from the laurigates/claude-plugins GitHub repo (uses: laurigates/claude-plugins/.github/workflows/reusable-...@main), which are fetched at workflow runtime and can contain prompt templates or executable steps that directly control agent prompts or execute code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:11 PM