container-registries

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes commands that fetch artifacts from public registries and repos (e.g., docker pull/push to Docker Hub/GCR/GHCR, connecting GitHub/Bitbucket for automated builds, and wget from github.com for Harbor), so the agent may ingest untrusted, user-generated third-party content as part of normal workflows.