watch-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly streams and parses stdout from gh run watch (see "Monitor mode — behavior" in SKILL.md), which ingests GitHub Actions run output — user-generated/untrusted content from third-party repositories — and uses that content to determine CI verdicts and drive monitoring behavior.