wait-for-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run and read GitHub Actions run data (via gh run watch and the run URL https://github.com/owner/repo/actions/runs/<run-id> and CLI output), which are third-party/user-generated logs that the agent must ingest and whose exit/output drive decisions, so untrusted content could influence behavior.