deployment-e2e-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly includes an InstallAspireCliFromPullRequestAsync extension ("Downloads and installs the Aspire CLI from a PR build artifact") which instructs the test harness to fetch and install user-contributed PR build artifacts (untrusted third-party content) that would be executed and could materially change test/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes runtime fetching/execution of external code: the CI snippet uses the GitHub Action azure/login@v2 (https://github.com/Azure/login) which is fetched and executed during workflow runs, and the InstallAspireCliFromPullRequestAsync helper explicitly downloads and installs a CLI from PR build artifacts (GitHub Actions artifact download), both of which fetch and execute remote code required for the tests.