azure-containerregistry-py

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill can connect to arbitrary registries via AZURE_CONTAINERREGISTRY_ENDPOINT (and shows anonymous access to public registries like mcr.microsoft.com) and explicitly downloads and iterates over manifests/blobs (download_manifest, download_blob), so it ingests content from public/user-published container registries that may be untrusted.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 04:58 PM