security-review-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to run "npx skills add zackkorman/skills --skill security-review", which pulls and executes a public third-party package (from npm/GitHub) that the agent will read/execute, exposing it to untrusted external content.