github-actions-il

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow templates and composite action (see SKILL.md Step 2 and references/shabbat-deploy-freeze.md) explicitly curl the public Hebcal API (e.g., https://www.hebcal.com/shabbat?cfg=json&geonameid=281184...) and parse its JSON to decide whether to freeze or proceed with deployments, meaning the agent/workflow ingests open/public third‑party content that directly influences deployment decisions.