release-health-gates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and modules explicitly require fetching and interpreting GitHub data (e.g., modules/quality-signals.md lists GET /repos/{owner}/{repo}/commits/{sha}/check-suites and deployments) and using tracker CSV/exports to auto-fill blockers and gate decisions, which are untrusted, user-generated third-party contents that directly influence deployment actions.