code-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md "Scan" workflow explicitly instructs running tools like npm audit, pip audit, trivy fs ., and snyk test (and references "monitor CVE feeds" in references/owasp-top-10.md), which ingest advisories/package metadata/CVE feeds from public registries and feeds (untrusted third‑party sources) and whose results are directly used to decide fixes and next actions.