release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow uses GitHub CLI commands (e.g., "gh run list", "gh run view <RUN_ID> --log-failed", and related gh queries) to fetch CI run statuses and logs from GitHub and directs testing by downloading builds from the public site https://screenpi.pe, so it ingests untrusted third-party content (CI logs/public site artifacts) that directly influences release decisions and actions.