contract-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Provider Verification and CI/CD steps explicitly pull contract files from a Pact Broker (e.g., the verifier's pactBrokerUrl 'https://pact-broker.example.com' and webhook pactUrl) and use those consumer-provided pact files to drive verification and CI actions, so untrusted third-party contract content can directly influence behavior.