push-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls GitHub via the gh CLI to list and watch workflow runs and to fetch failing job logs (see "Phase 2: Execute Push + Monitor CI" with gh run list, gh run watch, and gh run view --log-failed), which ingests untrusted, user-generated CI/log content from a public third-party that the agent reads and uses to determine verdicts—so it can enable indirect prompt injection.