audit-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to search and inspect repository workflow files (e.g., grep .github/workflows/ and gh search code across the org), which ingests untrusted, user-contributed YAML/PR content that the agent must interpret to decide findings and remediation—meeting the criteria for indirect prompt-injection risk.