repo-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The workflow runs commit-check/commit-check-action@v2 with message: true and branch: true, so at runtime the action ingests the PR/push commit messages and branch names (text authored by other contributors) into the LLM context, creating an indirect prompt-injection surface via outsider-authored commit metadata.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The GitHub Actions workflow created by the skill invokes third-party actions that run remote code at CI time (notably commit-check/commit-check-action — https://github.com/commit-check/commit-check-action — and actions/checkout — https://github.com/actions/checkout), so the skill relies on external runtime-executed code.