python-uv-scripts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). tools/convert_to_uv.py explicitly queries the public PyPI API via get_pypi_latest_version("https://pypi.org/pypi/.../json") and uses the returned data to resolve package names and version constraints that are injected into generated script metadata (header/dependencies), so untrusted third‑party responses can directly influence the tool's output and behavior.