openharmony-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The bundled script and SKILL.md explicitly fetch and parse open/public GitCode PR comments (via oh-gc) and then query dcp.openharmony.cn and cidownload.openharmony.cn to download and inspect user-generated event data and log/artifact files, which the agent reads and uses to decide what to fetch and report, exposing it to untrusted third-party content.