azcli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly includes commands that fetch and deploy templates or code from public URLs (e.g., "az deployment group create --template-uri 'https://raw.githubusercontent.com/.../azuredeploy.json'" in automation.md and "az webapp deployment source config --repo-url https://github.com/user/repo" in serverless.md), which are untrusted, user-controlled third-party sources whose contents would be ingested and can materially change subsequent actions.