dependency-management-deps-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests data from public package registries and APIs (e.g., the npm advisory API at https://registry.npmjs.org/-/npm/v1/security/advisories/bulk, PyPI pypi.org package endpoints, Bundlephobia, and similar public registry APIs) and is expected to read and interpret that untrusted, maintainer/user-provided content as part of its vulnerability and metadata scans, which could be a vector for indirect prompt injection.