wait-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (scripts/check-ci.sh and scripts/get-pr-comments.sh) call the GitHub CLI and GraphQL API to fetch PR checks, reviews, and comment bodies (user-generated content from public GitHub PRs) and then use those contents to decide status, fetch logs, and change behavior (e.g., mark as failed or "comments"), so untrusted third-party content can materially influence the agent.