pin-github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to call the GitHub API via the gh CLI to resolve releases/tags and read release notes from arbitrary public repositories (see "Step 2: Resolve Latest Releases" in SKILL.md, e.g., gh api repos/{owner}/{repo}/releases/latest), so it ingests untrusted third-party content that can influence pinning and upgrade decisions.