worker-image-build

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to use the GitHub CLI against the public repo mozilla-platform-ops/worker-images (see "Trigger a Build" and "Check Build Status" sections with gh run list / gh run view / gh run watch), which involves fetching and reading run details and logs from an open third‑party site (GitHub) whose user-generated content could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes GitHub workflows at runtime (e.g., "gh workflow run" / "gh run list" against https://github.com/mozilla-platform-ops/worker-images), which triggers and executes remote repository workflow code required for the build process.