tech-stack-evaluator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses public URLs (see format_detector._parse_urls and the "URLs for Ecosystem Analysis" notes) and documents a data_fetcher.py that pulls real-time data from public sources like GitHub, npm and CVE databases, so it will ingest and interpret untrusted, user-provided third‑party content (public repos/packages) as part of its workflow.