code-review
Warn
Audited by Snyk on May 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly tells the reviewer to "verify API/stdlib claims" and "look it up", and the AI-age guidance mandates verifying unfamiliar imports against public package registries and primary docs (e.g., "Verify every unfamiliar import against the official package registry and current docs"). Both require fetching and interpreting open/public third-party content that could influence review actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata