debug-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly directs the agent to fetch and parse third-party Buildkite and GitHub data (e.g., bk api /pipelines/<PIPELINE>/builds/<BUILD_NUMBER>/annotations, bk job log <JOB_ID> ..., and gh pr checks), which are untrusted, user-generated CI annotations/logs that the agent must read and use to decide next actions.