testing-r-packages

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill documentation explicitly instructs fetching public third-party content — e.g., "testthat::snapshot_download_gh()" in the Snapshot Workflow (downloads snapshots from GitHub CI) and multiple examples in Advanced/Mocking (call_external_api, make_network_request, httptest2 recording real responses) that perform network requests to external APIs which tests are expected to read/interpret — exposing the agent to untrusted, user/third‑party content that can influence test behavior.