npm-research
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses public, user-generated content from npm and GitHub (e.g., npm view PACKAGE readme, visiting https://www.npmjs.com/package/PACKAGE, gh api repos/.../releases, gh pr view, and GitHub issues), which are untrusted third-party sources that the agent is expected to read and interpret.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime fetches of raw GitHub content (for example curl -s https://api.github.com/repos/npm/npm-audit-db/contents/data and gh api repos/${REPO}/contents/CHANGELOG.md) which are decoded and injected into the research context, so external GitHub content (e.g., https://api.github.com/repos/npm/npm-audit-db/contents/data) can directly influence agent prompts/outputs.
Audit Metadata