dependency-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly directs the auditor to check public package registries and vulnerability databases (e.g., npmjs.com/package/, pypi.org/project/, GitHub advisories, osv.dev, vuln.go.dev), which are untrusted third-party sources the agent is expected to read and whose content can directly influence install/approval decisions.