dotnet-build-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs searching and using public package feeds and URLs (e.g., nuget.org, example feed URLs like https://pkgs.dev.azure.com/..., and installer links such as https://aka.ms/install-artifacts-credprovider.sh) so the agent is expected to fetch and interpret untrusted, public third-party content which can change package/restore behavior and subsequent tool actions.