secure-github-actions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires resolving SHAs from public GitHub repositories (see CRITICAL RULE 3 in SKILL.md: "Resolve them from GitHub or ask the user") and includes concrete gh api examples in references/sha-pinning.md that instruct the agent to fetch public repo tag/commit data — untrusted, user-generated content that the agent must read and that can materially change subsequent choices (which SHAs/actions to pin and use).