expo-cicd-workflows-v55

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and its scripts (scripts/fetch.js and scripts/validate.js) explicitly fetch and parse public resources—e.g., https://api.expo.dev/v2/workflows/schema and raw.githubusercontent.com documentation—which are untrusted third‑party content the agent is required to read and that directly influences validation, generation, and decision logic.