spacelift-terraform

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (see references/github-terraform-workflow.md and references/policies.md) explicitly ingests GitHub push/PR events and repository/PR data (untrusted user-generated content like affected_files, commit messages, PR labels) which are evaluated by push/plan/trigger policies and can directly change runs/actions (track/propose/cancel/trigger), so third-party content is consumed and can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that pull and execute remote container images (e.g., "docker run ... public.ecr.aws/spacelift/launcher:latest" and runner image "public.ecr.aws/spacelift/runner-terraform:latest", and a Docker CLI image "ghcr.io/spacelift-io/spacectl"), which are fetched at runtime and execute remote code required for worker/run operation, so these URLs are runtime external dependencies that could be risky.