spm-build-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs using the helper script scripts/check_spm_pins.py, which runs git ls-remote --tags on repository URLs extracted from project.pbxproj (XCRemoteSwiftPackageReference), meaning the agent fetches and parses tag data from arbitrary remote git repositories (untrusted third-party content) and uses those results to decide recommendation actions.