github-workflow-auto-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow's "Gather failure context" step explicitly runs gh run view --log-failed and writes logs and run/PR JSON (e.g., .auto-fix-failed-logs.txt and .auto-fix-run-summary.json) which the subsequent "Analyze and fix with Claude" action ingests to decide and perform fixes, thus exposing the agent to untrusted, user-generated CI logs/PR content that could include injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow uses the external GitHub Action "anthropics/claude-code-action@v1", which is fetched and executed at runtime and is passed a direct_prompt (so remote code/prompt-handling from that repo is a required runtime dependency).