detecting-typosquatting-packages-in-npm-pypi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries public package registries (e.g., the PyPI JSON API at https://pypi.org/pypi//json and the npm registry at https://registry.npmjs.org/ as shown in SKILL.md and scripts/agent.py), ingests user-provided package metadata and descriptions, and uses that data to compute scores and drive blocklist/reporting decisions, so untrusted third-party content can materially influence the agent's actions.