uv-trusted-publish-github-action

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to “Base this work on Astral's official uv packaging guide” and to use Astral's trusted-publishing example repository (see the "Official References" section with public URLs like docs.astral.sh and github.com/astral-sh/trusted-publishing-examples), so the agent is expected to fetch and interpret public third-party web content that could materially influence publishing decisions.