audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs running commands that fetch and interpret public, user-generated content (e.g., "gh search issues --repo <owner/repo> "" --state open" and pnpm audit/pnpm info against the public npm registry), so third-party GitHub issues and registry data can influence remediation decisions.