uv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts.md and examples (e.g., "uv run --with requests", "uv add --index 'https://example.com/simple' --script example.py requests" and inline dependency metadata) show it fetches packages from public or arbitrary package indexes (PyPI or custom index URLs), which are untrusted third‑party sources whose content can be installed/executed and thereby influence agent actions.