dependency-alignment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill queries public package registries and tools (e.g., "uv pip compile" against PyPI and "npm view", "npm ls", "npm install --dry-run" against the npm registry) and explicitly parses those command outputs to choose pinned versions and drive conflict-resolution actions, so untrusted package metadata or registry responses could influence agent decisions.