iblai-analytics
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs checking remote package metadata (PyPI via curl, npm view, and GitHub releases) in "Step 0: Check for CLI Updates", which requires fetching public third‑party content that can change whether the assistant updates tools or alters its workflow, enabling indirect injection of instructions from those sources.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).