systems-health

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required "Collect data" workflow explicitly ingests GitHub and CI data (e.g., the listed commands like gh pr list, gh issue list, and gh run list) and uses that user-generated issue/PR/CI content as core evidence for diagnoses, so it clearly consumes untrusted third-party content that can influence decisions.