tech-stack-evaluator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and parses arbitrary public URLs (see HOW_TO_USE.md and format_detector.py's URL parsing) and its design includes a data_fetcher.py that fetches real-time data from public sources like GitHub, npm and CVE databases which ecosystem_analyzer.py then reads and analyzes, so the agent ingests untrusted third-party content.