gh-fix-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses GitHub Actions run and job logs (see SKILL.md "fetch GitHub Actions logs" and scripts/inspect_pr_checks.py functions fetch_run_log/fetch_job_log that call "gh run view --log" and "gh api /repos/.../actions/jobs/<job_id>/logs"), which are untrusted, user-generated third‑party content that the agent reads and uses to summarize failures and propose/implement fixes, so malicious log content could materially influence behavior.