mcore-create-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow fetches GitHub Actions job logs and PR/commit metadata from GitHub at runtime (e.g., gh api repos/NVIDIA/Megatron-LM/actions/jobs/<job_id>/logs, gh pr view ..., gh api .../commits), which includes outsider-authored free text such as failing test output/tracebacks and commit messages from contributors.