flagrelease-entrance-flagos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly probes and uses public package sources (detect_network.py -> GitHub/PyPI and the install-stack step that installs packages from those mirrors) and env-verify explicitly downloads Qwen3-0.6B, all of which are untrusted third-party content whose execution/results are read and used to make gate decisions and drive subsequent pipeline actions.