model-registry-maintainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill programmatically fetches and parses public third‑party data (e.g., the LiteLLM JSON at https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json and the OpenRouter models endpoint https://openrouter.ai/api/v1/models), so the agent will read and act on untrusted external web content that could carry indirect prompt injection.