github-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly fetch and send user-provided GitHub content (e.g., PR diffs in the "Get diff"/"AI Review" step, issue title/body in the "Analyze issue" triage step, and comment text/context in "mention-bot.yml") to AI services which then create reviews, labels, comments, and can influence deployments, so untrusted third-party content can materially affect agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflows use the external GitHub Action actions/github-script@v7 (https://github.com/actions/github-script) at runtime to execute arbitrary JavaScript that builds/sends AI prompts and runs code, so this external repo is a required runtime dependency that executes remote code.