astro-test-perf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching public GitHub CI logs via "gh run view <run_id> -R withastro/astro --log" and then feeding those logs into scripts/parse-test-durations.js, so it ingests untrusted, user-generated CI/log output from a public repo and uses that content to drive parsing, analysis, and report/recommendation actions.