security-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's deps mode includes a required reference (references/dependency-audit.md) that explicitly instructs validating dependencies by querying public registries and advisories (e.g., npm/PyPI registry URLs, GitHub Security Advisories, NVD) so the agent is expected to read and interpret untrusted, public third-party content which can materially change vulnerability findings and remediation decisions.