github-configure-ci-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Approach: Sparse Clone" (SKILL.md) instructs the agent to git clone arbitrary GitHub repositories and read/modify files under .github/workflows, which means it fetches and interprets untrusted third-party repository content that can materially affect editing and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit privileged system modifications (e.g., using sudo to move the JFrog CLI into /usr/local/bin and curl|sh installation fallbacks), which require elevated privileges and modify the host system state.