cve-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The audit script (scripts/audit.ts) calls searchCVEByProduct to query public CVE services (e.g., OpenCVE / cve.mitre.org) and then reads/displays CVE fields such as cve.summary as part of its workflow, so it clearly ingests and interprets external, public third‑party content.