aif-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1.4 explicitly instructs the agent to "Read all existing CI files" including "Any included GitLab CI files (check include: directives)" — which can point to remote, public URLs/templates that the agent will ingest and use to shape CI generation, so untrusted third-party content could materially influence actions.