github-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Anti-Fabrication Requirements" explicitly require using the Read tool and GitHub CLI commands (e.g., gh workflow list, gh workflow view, gh run list) and globbing to read workflow files and action.yml files from repositories—i.e., untrusted, user-generated third-party content—which the agent must interpret to verify triggers, structure, and make decisions about subsequent actions.