sponsor-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and interprets untrusted public content at runtime — e.g., deps.dev API results, public GitHub repo files (including .github/FUNDING.yml), npm registry metadata, and arbitrary web pages found via web_search/web_fetch — all of which are third-party/user-generated and are read as part of its workflow.