security-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Pass 3 instructions explicitly require querying public package registries and docs (e.g., "verify every unfamiliar package name actually exists: npm view <pkg>" and "verify...against primary docs"), so the agent will fetch and interpret untrusted, user-contributed registry/web content that can influence audit decisions.