librarian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) and the opensrc API docs (references/opensrc-api.md and opensrc-examples.md) explicitly call opensrc.fetch/reads/grep on public sources (GitHub, npm, PyPI, crates), meaning the agent will fetch and interpret arbitrary public repository code and docs (untrusted, user-generated) as part of its decision-making flow.