github-branch-policy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs gh/gh api and gh workflow/view commands (e.g., gh api "repos/$OWNER/$REPO/rulesets", gh workflow view "$AUTO_WF" --yaml, gh run view <id> --json ...) to fetch repository rulesets, workflow YAML, PRs, runs, and other repo-hosted content, which are user-generated/untrusted third-party artifacts that the agent is expected to read and interpret as part of the audit.