e2e-ci-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's download-artifacts.sh fetches GitHub Actions artifacts (playwright reports, junit.xml, screenshots/traces/videos) from PR workflow runs via the gh CLI, and parse-junit.py explicitly exposes and instructs AI models to read those artifact files (absolute screenshot/trace paths) — meaning the agent will ingest and interpret potentially untrusted, user-generated content from third-party PRs/artifacts.