code-quality-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to run package registry and vulnerability checks (e.g., "npm outdated", "npm audit", "flutter/pub outdated") and to cross-check with external services like Snyk/OSV or pub.dev, which ingest public package metadata and advisories (untrusted third-party, user-published content) that the agent would read and interpret as part of its workflow.