spice-sim

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly instructs in "Workflow" step 2 to "Find a vendor model, download it" and the doc also states the Simulation "setup" string is passed through as ngspice input, which means the skill expects ingesting public vendor SPICE/model files (third‑party web content) that can materially change simulation behavior and downstream actions.