github-cleanup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses user-generated GitHub content (e.g., via gh api repos/…/contents/.github/workflows, gh api repos/…/dependabot/alerts, and curl raw.githubusercontent.com) as part of its audit and uses those results to decide and execute actions, so untrusted third-party content can materially influence tool use.