building-devsecops-pipeline-with-gitlab-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime scripts (scripts/process.py and scripts/agent.py) call arbitrary GitLab API endpoints (defaulting to https://gitlab.com or a user-supplied gitlab_url) and ingest project, vulnerability, and job data (user-generated/untrusted) which the agent parses and uses to drive validation, coverage assessment, and report decisions—so external content can materially influence behavior.