simplify-and-harden-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CI prompt and CI contract in SKILL.md (and the workflow template in references/workflow-example.md) explicitly instruct the agent to read and analyze "files changed in this PR", which are untrusted, user-contributed pull request contents that can materially influence gating decisions and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires installing and invoking the gh-aw repository at runtime (e.g., gh extension install github/gh-aw and the GitHub Action uses: github/gh-aw/actions/setup-cli@main), which fetches and executes remote code (the gh-aw CLI/action) that can control agent workflows and prompts.