dependency-management

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent/workflow to ingest and act on untrusted public package metadata and documentation (e.g., "paste the README into ChatGPT" and use npm view / Socket.dev / GitHub changelogs and audit outputs from public registries), meaning third‑party README/pages and registry data can be read and influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a CI step that fetches and executes a remote install script at runtime (curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin), which runs remote code and is relied on to install the scanning tool for the SBOM scan.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 06:13 PM