python-uv-scripts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly fetches and consumes untrusted public content as part of its workflow — e.g., tools/convert_to_uv.py's get_pypi_latest_version queries https://pypi.org/pypi/{package}/json to resolve package versions and the API-client templates/patterns use httpx to call arbitrary external APIs (API_URL/env), and those fetched results are parsed and used to decide dependency/versioning and runtime actions.