buildkite-logs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch Buildkite build/job logs and artifacts from the Buildkite API (BASE=https://api.buildkite.com/v2) and to read/summarise those logs as part of its diagnose workflow, which exposes the agent to untrusted, user-generated CI output that can influence subsequent decisions.