librarian
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads code and docs from public third-party sources (e.g., opensrc.fetch and opensrc.files for GitHub/npm/PyPI/crates and grep_app across ALL public GitHub), which are untrusted, user-generated content that the agent is expected to read and interpret.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill calls opensrc.fetch at runtime to pull remote repositories (e.g., github.com/vercel/ai), and those fetched repository files are read and injected into the agent context to drive responses, so external repository content can directly influence prompts.
Audit Metadata