supply-chain-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's code and CI workflows explicitly fetch and parse data from public package registries and sites (e.g., registry.npmjs.org, api.nuget.org, pypi.org, npm pack downloads) — the agent ingests and acts on untrusted, user-published package metadata and tarballs as part of dependency-confusion, typosquatting, and package-monitoring flows, so third-party content can materially influence decisions and tool use.