env-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's synchronization code clearly fetches and ingests environment data from third-party platform APIs and secret managers (e.g., fetch_vercel_env, fetch_railway_env, sync_to_heroku, fetch_from_1password, fetch_from_aws_secrets in references/synchronization.md), which are external sources of user-controlled/untrusted environment values that the agent reads and compares as part of its workflow.