finops-overview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script scripts/billing-summary.sh calls gh api on org and repo endpoints (e.g., "/repos/$REPO/actions/runs?per_page=100" and other /orgs/... and /repos/... APIs) and parses workflow run names and other user-generated GitHub metadata into summaries that the agent uses to decide follow-up actions, exposing it to untrusted third-party (user-generated) content.