npm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run npm actions such as "install" and "info" which fetch package code and metadata from the public npm registry (user‑generated, untrusted third‑party content) and to inspect outputs like "npm info", "npm outdated", and "npm audit" to guide updates/publishes, so external content can influence the agent's decisions and tool use.