debug-opensrc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read source from public third-party registries and repos (see "Phase 1: Source Retrieval" with commands like opensrc path vercel-labs/agent-browser, opensrc path pypi:requests, and opensrc path zod), meaning untrusted, user-generated code is ingested and used to drive debugging decisions.