azure-containerregistry-py

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and acceptance criteria show it can connect to public registries (e.g., anonymous access to https://mcr.microsoft.com), download manifests/blobs (Upload and Download Artifacts) and use manifest fields (Clean Up Old Images) to decide actions like deleting images, which clearly ingests untrusted third‑party content that can influence tool behavior.