uv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows commands that fetch and install code from public sources (e.g., "uv add requests", "uv sync") and explicitly includes a [tool.uv.sources] git example (git = "https://github.com/org/repo") in the Workspaces Configuration, meaning the agent would fetch and run untrusted third‑party repository/PyPI content that could carry indirect instructions.