dotnet-cli-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Service layer clearly fetches and deserializes data from an arbitrary URL provided as the --source option (see Services/SyncService.cs using HttpClient.GetFromJsonAsync(source, ct) in SKILL.md), so untrusted third‑party content would be read and can influence the tool's behavior.