cmake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md section "5. 外部依赖" and references/templates.md) explicitly uses CMake FetchContent with public GitHub URLs (e.g., https://github.com/google/googletest.git and https://github.com/madler/zlib.git), meaning it instructs fetching and incorporating untrusted third‑party repositories whose contents could influence build actions and tool behavior.