supply-chain-attack-response

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and inspecting content from public, user-generated sources (e.g., npm/PyPI/crates.io via npm audit / pip-audit / cargo audit, GitHub/ghcr.io via git clone, gh release download, and cosign verify) and expects the workflow to read and act on those outputs (pinning, verification, remediation), so untrusted third‑party content can materially influence actions.