npm-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required tools (npm_search, npm_info, npm_deps, npm_compare) fetch package metadata and READMEs from the public npm registry (user-authored, untrusted package pages), and the SKILL.md workflow explicitly requires the agent to read and use that content when comparing and choosing libraries, so third‑party content could influence decisions.