gh-fix-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and bundled script (SKILL.md and scripts/inspect_pr_checks.py) explicitly fetch and parse GitHub Actions logs and PR check details using gh commands like "gh run view --log" and "gh api /repos/.../actions/jobs/.../logs", then summarize failure snippets and create fix plans based on those logs — i.e., it ingests untrusted, user-generated third-party content from GitHub and uses it to drive decisions and code changes.