dep-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Procedure and Reference sections explicitly instruct running ecosystem commands (e.g., npm outdated / npm audit, pip-audit, cargo audit, govulncheck, npx license-checker) that fetch package metadata and advisories from public registries and vulnerability databases (npm, PyPI, RustSec/OSV, Go vuln DB), and the agent is expected to parse and act on those results to prioritize updates, so untrusted third‑party content can materially influence decisions.