python-pypi-package-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to consult public sites (e.g., "Check availability: https://pypi.org/search/ before starting" and "Monitor GitHub Actions → verify on https://pypi.org/project/your-package/"), which requires fetching and interpreting user-generated public content from PyPI/GitHub as part of the workflow and could therefore allow indirect prompt-injection to influence naming, publish, or verification decisions.