Konflux Archived PipelineRuns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Identifying Failing EC Checks from GitHub" workflow explicitly instructs calling the GitHub API (gh api repos/openshift/hypershift/commits/.../check-runs) and parsing .output.text (which contains an with the PipelineRun name), so the agent ingests and acts on untrusted third-party GitHub check-run output as part of its decision flow.