security-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s dependency-scanning workflow explicitly allows fetching from public, user-contributed sources (see the "Optional: For dependency scanning" network allowedDomains: registry.npmjs.org, pypi.org, api.github.com), so the agent may ingest and interpret untrusted third‑party package/GitHub content as part of its analysis.