vulnerability-report
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill runs package-manager audit tools (e.g., "npm audit --json > /tmp/npm-audit-output.json", "pip-audit --format=json > /tmp/pip-audit-output.json", "composer audit --format=json", "yarn audit --json") and parses their public advisory/CVE output, including URLs and descriptions, to drive severity classification and remediation actions. As a result, it ingests and acts on untrusted public third-party advisory content.
Audit Metadata