dependency-confusion-detect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill runs Confused and GuardDog to check whether internal package names exist and to scan packages on public registries (e.g., PyPI, npm), so it fetches and inspects untrusted, user-published package content from those open registries and expects the agent to read/interpret the results.