dash-docset-install-generate

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow shows that it fetches and parses user-contributed GitHub/raw GitHub feeds and other public sites, and that it will read and interpret that untrusted, user-generated content to choose and install docsets, so third-party content can materially influence tool actions. The workflow in question is SKILL.md plus referenced scripts like scripts/dash_catalog_refresh.py and scripts/dash_catalog_match.py, resources such as references/catalog_user_contrib_docsets.json with html_url entries and feed_xml_url pointing to raw.githubusercontent.com, the explicit "GitHub-based or Stack Overflow-based generation" fallbacks, and dash_mcp_tools' load_documentation_page.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 04:08 AM