gha

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and read GitHub data (workflow run logs, job histories, and PRs) via the gh CLI for the provided GitHub Actions URL—these are public, user-generated/untrusted artifacts that the agent must interpret, allowing indirect prompt injection.