cve-vulnerability-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public third‑party content — e.g., NVD API calls (scripts/fetch_cve_details.py, SKILL.md step "从NVD（国家漏洞数据库）API获取漏洞详细信息") and GitHub issues searches (scripts/check_github_issues.py and SKILL.md references to the DependencyCheck and component repos) — and the agent is required to read and act on that untrusted, user-generated content to decide false positives and generate follow-up remediation actions, which could allow indirect prompt injection from those sources.