docs-steward

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches package data from public registries (npm and PyPI) as part of its required "Live Version Research" / version-refresh workflow (see SKILL.md Live Version Research and references/version-refresh.md), and those public registry responses (third-party package metadata/changelogs) are read and used to decide version updates and migration/sync actions, creating a clear vector for indirect prompt-injection via untrusted registry content.