cicd-expert
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflows fetch and execute public, untrusted third-party content (for example, the curl to https://raw.githubusercontent.com/.../download-actionlint.bash, numerous third-party GitHub Actions such as snyk/actions and aquasecurity/trivy-action, and public Docker images), and those artifacts and scan results are consumed and interpreted as part of the CI/CD workflow, creating exposure to indirect prompt injection via external content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains CI workflow steps that at runtime fetch and execute remote scripts (for example: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) and curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64 which is then executed), meaning external content is fetched during runtime and used to run code as part of the pipeline checks.
Audit Metadata