moai-workflow-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (PHASEs 6–8 and Phase 7 steps) directly queries and fetches public GitHub data (gh release view / gh run list / gh run view), downloads release assets and install scripts via curl from raw.githubusercontent.com, and expects the agent to read and act on that content (e.g., verify assets, run scripts, decide to proceed/merge/tag), so untrusted public content can materially influence tool use and next actions.