x07-package

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's workflow (e.g., x07 pkg lock, x07 pkg versions, and x07 pkg publish) explicitly fetches and processes package/index data from open HTTP/HTTPS indexes (default sparse+https://registry.x07.io/index/ and any user-specified --index <url>), so untrusted package metadata from third-party registries can be ingested and materially influence lockfile updates and subsequent actions.