devcontainers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Workflow 2 in SKILL.md explicitly instructs the agent to "browse the official registry (https://containers.dev/features) or GitHub Container Registry" (also referenced in references/features-templates.md), meaning the agent is expected to fetch and interpret public, potentially user-published Feature manifests that can directly influence configuration and subsequent actions.