docker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s Registry & CI and Skopeo/workflow instructions explicitly instruct pulling and inspecting images from public registries (e.g., Docker Hub, ghcr.io) and running scanners (trivy, docker scout, skopeo) against those externally-published, user-controlled images, which the agent is expected to read/interpret and which can materially change actions (e.g., block deploys, rotate secrets, sign/verify), so it consumes untrusted third‑party content at runtime.