homebrew-dev

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md and README) explicitly runs commands such as brew create, brew fetch, brew bump-formula-pr, and brew audit --online against arbitrary public URLs (e.g., GitHub release URLs and example.com tarballs and DMGs). It therefore fetches and ingests untrusted third-party release artifacts and metadata, which the agent then uses to populate formula fields, compute checksums, and drive packaging and PR actions. Any of those sources can carry instructions the agent may follow, exposing it to indirect prompt injection.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 07:15 PM
Issues: 1