winget

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to run winget search/show against public package sources (winget/msstore) and to display and act on the returned package metadata (name, version, source, size) as part of its workflow, which means it ingests untrusted third-party package manifests/metadata from public repositories that can influence install decisions.