add-feature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's main workflow explicitly calls ctx.fetch_all_updates().await (see src/main.rs / "Command that needs registry data" variation) to fetch data from the public npm registry, so it ingests open, user-generated third‑party content that is used to set instance states and drive command behavior.