tech-stack-evaluator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts GitHub, npm, and documentation URLs for ecosystem analysis and lists data_fetcher.py fetching real-time data from GitHub, npm, and CVE databases, meaning the agent will fetch and interpret untrusted public third-party content that can materially influence recommendations.