pkgmgr-homebrew-formula-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs fetching and inspecting public, user-generated sources (e.g., SKILL.md Research Phase and language guides like reference/langs/go.md and reference/langs/python.md which call gh api and curl of GitHub tarballs and PyPI/files.pythonhosted.org URLs) and those fetched contents are used to determine formula fields (url/sha256, build/install details), so untrusted third‑party content can influence tool actions and decisions.