pin-github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly calls out and instructs the agent to call the public GitHub API (e.g., the Batch Resolution Script and gh api "repos/$owner_repo/releases/latest" and git/ref/tags calls) to fetch release tags and git objects from arbitrary public repositories, meaning it consumes untrusted, user-generated third-party content that the agent must parse and act on as part of its workflow.