performing-supply-chain-attack-simulation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's agent repeatedly fetches and parses live PyPI JSON API content (see scripts/agent.py query_pypi_metadata and SKILL.md / references/api-reference.md) — including author_email, homepage, summary, and version fields from untrusted, user-published packages — and uses those values to assign risk, flag dependency confusion, and drive verification decisions, meaning third‑party content can materially influence its behavior.