dependency-vulnerability-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests and parses public third-party vulnerability data (runs npm audit --json and invokes Snyk test / uses Snyk action) and uses fields like data.via[...] (urls, titles, impact) directly in generated patch plans and comments, so untrusted external advisories are read and displayed as part of the workflow.