bun-add

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs "bun add" which installs packages from public registries (e.g., npm/bun registry) and then reports package versions and dependency trees, so the agent will fetch and read untrusted, user-published package metadata and code from third-party sources.