github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to list and read GitHub Actions and to proxy arbitrary GitHub API endpoints via Membrane (e.g., membrane action list --intent=..., membrane request CONNECTION_ID /path/to/endpoint), which pulls user-generated/public GitHub content that the agent is expected to interpret and could influence subsequent tool actions.