finops-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/workflow-runs.sh and scripts/workflow-runs-org.sh) call gh api and gh repo list to fetch GitHub Actions run metadata (workflow names, run details, HTML URLs) from repositories/orgs — user-generated, public GitHub content that the skill parses and uses to drive analysis and follow-up recommendations, so untrusted third‑party content can influence actions.