github-pr-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read untrusted, user-generated GitHub content (e.g., "gh run view <RUN_ID> --log-failed" and curl to https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/logs) and to interpret those CI logs/PR data to decide and perform code fixes and pushes, which could allow indirect prompt injection via third-party content.