dependency-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and evaluate Dependabot PRs and the dependency graph from GitHub (via commands like "gh-manager deps dependabot-prs" and "gh-manager deps graph"), which are untrusted, user-/package-maintainer-generated third‑party contents that the agent must read and use to decide merges and next actions.