localstack-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly installs and discovers community extensions from public, user-contributed sources—e.g., PyPI packages, git+https://github.com/... repository installs, and the LocalStack Extensions Registry (https://docs.localstack.cloud/user-guide/extensions/)—which means the agent will fetch and run untrusted third-party content.