github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's instructions explicitly tell the agent to call gh api (e.g., "gh api repos/{owner}/{repo}/releases/latest" in SKILL.md and references/api.md) to fetch release/tag data from arbitrary GitHub repositories (public, user-generated content) and to use those results to decide and apply action-version updates, so untrusted third‑party content is ingested and can influence follow-up actions.