fix-ci-failures

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse GitHub Actions job logs and artifacts from public PR/check URLs (see Step 2 links and Step 4 commands like "gh run download" and "gh api repos/.../actions/jobs/<JOB_ID>/logs"), which are untrusted third‑party content the agent must read and that can materially influence next actions.