sbom-supply-chain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md baseline workflow and example commands explicitly fetch and parse artifacts from public container registries (e.g., "syft registry:ghcr.io/acme/api:1.2.3 -o cyclonedx-json > sbom.json") and then use those SBOMs and attestations to drive verification and deployment decisions, which are untrusted third‑party artifacts that could influence agent actions.