bun-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs fetching and installing code from public, user-controlled sources (e.g., "bun add github:user/repo", "bun add git+https://github.com/user/repo.git", and using third‑party registries like "bun add ... --registry https://registry.npmmirror.com"), which clearly ingests untrusted third‑party content as part of the workflow.