bun-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly includes commands that fetch and inspect package registry data (e.g., "Read-Only Commands" listing bun info <pkg> and bun info <pkg> versions, plus registry configuration like [install.registry] url = "https://registry.npmjs.org/"), which clearly ingests untrusted, user-published third‑party content that the agent would read and could influence package/installation decisions.