running-in-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and act on content fetched from public GitHub PRs/issues, comments, diffs and session log artifacts (e.g., via "gh pr view", "gh pr diff", "gh issue view", and downloading claude-session-logs), which are untrusted, user-generated third-party sources that can influence actions like creating PRs, posting comments, or running commands.