release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs the agent to monitor and interpret public CI logs on GitHub Actions (gh run list/watch and gh run view) and to query/install from the public npm registry (npm view, npx), both of which are open/public, user-generated sources whose content the agent would read and use to decide publish/next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow's post-publish verification runs "npx agentic-qe@" which at runtime fetches and executes the package from the npm registry (https://registry.npmjs.org/) — i.e., remote code is retrieved and run.