taskcluster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/tc.py) explicitly fetch and parse untrusted public Taskcluster artifacts (e.g., actions.json via https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/<TASK_GROUP_ID>/artifacts/public/actions.json in get_actions_json) and then use that data to select hookGroupId/hookId and construct payloads that drive taskcluster API actions, so third-party artifact content can directly influence tool actions.