finops-caches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the GitHub API (e.g., gh api "/repos/$REPO/actions/caches" and related endpoints) to fetch cache metadata (keys, refs, sizes) which are user-generated/untrusted strings and are directly read and used by the script and SKILL workflow to drive analysis and post-actions (including deletion commands), so third-party content can influence agent decisions.