registry-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to inspect third-party package docs and source (e.g., "pcb doc --package @" and example module URLs like "github.com/diodeinc/registry/...") and to read package source from a registry/checkout, meaning untrusted community package documentation/source from public registries/GitHub would be fetched and used to decide instantiation—allowing indirect instruction injection.