org-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and interpreting upstream package data and release metadata from public sources—e.g., "latest_release_tag", "search NEWS.md for 'breaking'", and checking CRAN or org releases—which means it will read untrusted open/public third-party content (GitHub repos/CRAN) that could contain user-generated instructions.