tech-stack-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly directs the agent to assess ecosystem health using public sources like GitHub and npm/PyPI (see "Assess ecosystem health — Evaluate GitHub activity, npm/PyPI adoption..." and the output's "Ecosystem Health — table: GitHub stars, weekly downloads, last release, open issues"), which requires ingesting untrusted, user-generated third-party web content that can materially influence recommendations.