check-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes gh commands such as "gh pr checks", "gh run view --log-failed", and "gh api .../comments" to fetch GitHub PR checks, workflow logs, and review comments (user-generated/public third‑party content) that the agent reads and uses to decide fixes, enabling indirect prompt injection.