dependabot-pnpm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Fetch Alerts" workflow explicitly calls the GitHub API (e.g., gh api '/repos/{owner}/{repo}/dependabot/alerts' and fetching full alert details) to ingest Dependabot/security advisory content from external repositories, and the agent reads that untrusted third-party content to plan and execute fixes, so external text can materially influence actions.