hatchling
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's docs (e.g., references/advanced-features/dynamic-dependencies.md and build-dependencies-management.md) describe build hooks that declare or install arbitrary external dependencies (including git+https and URL direct references), as well as force-include mechanisms that can pull in external files. Hatchling will fetch and execute or incorporate this content at build time, so it can materially influence build actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).