using-uv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's docs explicitly show fetching and installing code from public git URLs and arbitrary package indexes (see "Git/URL sources" in references/projects.md: uv add git+https://github.com/user/repo and "Alternative Package Indexes" in references/scripts.md: uv run --index "https://example.com/simple"), which exposes the agent to untrusted, user-provided third‑party content it may download or execute.