build-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly fetches public third‑party content (e.g., CMake's FetchContent_Declare cloning https://github.com/fmtlib/fmt.git, conan install commands, vcpkg mentions, and third‑party GitHub Actions in .github/workflows/ci.yml), so the skill ingests and acts on untrusted external repos/packages that could materially change build/CI behavior.