investigate-alert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to fetch and read external runbooks and other URLs (see "Runbook Fetching" and Step 4 / references/alert-investigation-patterns.md which show using gh api for GitHub runbook URLs and curl -s "<runbook_url>" for non-GitHub URLs), meaning it will ingest untrusted public third-party content that can influence investigation actions.