github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Auto-Fix flow and rules/action-pinning.md explicitly require using the GitHub CLI (gh api) to look up commit SHAs from public third-party GitHub repositories (user-generated content) and then apply those SHAs to modify workflows, so the agent fetches and interprets untrusted external content as part of its decision/action workflow.