lazy-load-bindings
Warn
Audited by Snyk on Apr 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's runtime virtual-module explicitly fetches npm tarballs from the public registry (https://registry.npmjs.org/${scope}/${pkg}/-/${pkg}-${version}.tgz) and then gunzips/parses the tarball and require()s the extracted .node binary ("fetch npm tarball → gunzipSync → minimal tar parse → writeFileSync → require()") as described in SKILL.md, meaning it ingests and executes untrusted, user-published third-party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The virtual module fetches and extracts native binaries at runtime from URLs like https://registry.npmjs.org/${scope}/${pkg}/-/${pkg}-${version}.tgz, writes a .node file to disk and then require()s it, which downloads and executes remote code.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata