package-managing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to fetch and install code and tools from public, user-controlled sources — e.g., "uv add 'my-package @ git+https://github.com/org/repo.git@main'" and "uv tool run --from "huggingface-hub" ..." (and the example script calling https://api.example.com/data) — which are open/public third‑party sources that could provide untrusted, user-generated content the agent would consume or execute.