expo-cicd-workflows
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses public resources from third-party URLs (notably https://api.expo.dev/v2/workflows/schema and raw.githubusercontent.com links for syntax.mdx and pre-packaged-jobs.mdx), so it ingests untrusted public web content as part of its workflow and could be exposed to indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly fetches runtime resources that directly drive generation and validation rather than serving only as reference material: notably the required schema at https://api.expo.dev/v2/workflows/schema, together with the accompanying raw docs at https://raw.githubusercontent.com/expo/expo/refs/heads/main/docs/pages/eas/workflows/syntax.mdx and https://raw.githubusercontent.com/expo/expo/refs/heads/main/docs/pages/eas/workflows/pre-packaged-jobs.mdx. Because these resources are fetched at runtime and used to derive answers, they are external dependencies that control the agent's outputs.