cli-e2e-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs downloading and inspecting CI artifacts and asciinema recordings from GitHub (e.g., ./eng/scripts/get-cli-e2e-recording.sh, gh run download) and using MCP server "Capture Terminal Text" output to build CellPatternSearcher patterns, meaning the agent ingests untrusted, user/CI-generated terminal content from public sources that can directly influence automation behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch CI artifacts and install the CLI from GitHub Actions (e.g., https://github.com/microsoft/aspire/actions/runs/$RUN_ID via gh run download / PR artifact installs), which are fetched at test runtime and can deliver and execute remote code, so this is a runtime external dependency that can execute code.