dependency-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and reference files explicitly require fetching and interpreting untrusted public sources (e.g., references/cve-sources.md and references/health-metrics.md instruct use of NVD, GitHub Advisory Database, PyPI/npm registry APIs and package repo LICENSE files), and those external pages/registry data directly drive license, security, and remediation decisions.