update-distro-packages
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required "Populating dotnet packages" workflow explicitly queries and ingests public, user-visible package data from open third-party sites (pkgs.org via release-notes query distro-packages, packages.ubuntu.com, bodhi.fedoraproject.org, src.fedoraproject.org, pkgs.alpinelinux.org) and then maps that untrusted content into per-distro files which directly influence subsequent updates and tool actions, so third-party content can materially affect agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes an explicit install command that downloads and installs a remote package from https://packages.microsoft.com/config/{distro}/{version}/packages-microsoft-prod.deb (wget ... && sudo dpkg -i ...), which fetches and executes remote code at runtime to register the Microsoft package feed.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata