containerize-aspnet-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to consult and fetch files from public GitHub resources (the dotnet-framework-docker README at https://github.com/microsoft/dotnet-framework-docker/blob/main/README.aspnet.md for tag selection and to download LogMonitor.exe from https://github.com/microsoft/windows-container-tools/releases/download/v2.1.1/LogMonitor.exe), which are open/public third-party sources that the agent must read/use to determine Docker base image tags and to retrieve a runtime binary, so untrusted external content can influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Dockerfile instructs a runtime build step to download and use the executable at https://github.com/microsoft/windows-container-tools/releases/download/v2.1.1/LogMonitor.exe, which fetches remote code that will be executed as the container entrypoint and is a required dependency.