uv-package-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly installs and runs third-party packages and performs web requests (e.g., "uv add ", "uv pip install ", and the example "uv run --with requests python -c 'import requests; requests.get("https://example.com\")'"), which pulls and executes content from public package registries and web URLs and therefore exposes the agent to untrusted third-party content that could alter behavior.