pkgx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the agent will fetch and run "any open-source utility" (e.g., "automatically handles tool acquisition and execution" and "x pkgx ls" to browse packages), which means it ingests code and package metadata from public third‑party sources that are untrusted and could influence execution and subsequent decisions.