openai-gh-fix-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly fetches and parses public, user-generated GitHub content (e.g., via gh pr checks, gh run view --log in fetch_run_log and gh api /repos/.../actions/jobs/<job_id>/logs in fetch_job_log within scripts/inspect_pr_checks.py), and the agent reads and summarizes those logs/snippets as part of its workflow, so untrusted third-party content could inject instructions.