create-deploy-strategy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/templates.md workflows explicitly run network fetches (curl and Prometheus API queries) against user-provided health-check URLs and external APIs (e.g., "${{ steps.env.outputs.url }}/health", https://api.example.com/switch-traffic, $PROMETHEUS_URL) and then use those responses to decide promotion/rollback, so untrusted third-party content can materially influence actions.