jfrog-package-safety-and-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the JFrog Public Catalog via OneModel GraphQL (Step 1: publicPackages.getPackage / publicPackages.searchPackages in SKILL.md) and may fetch artifacts through remote repos that trigger upstream public registry fetches (Steps 4 and 6b), and those untrusted public package metadata/artifacts are parsed and used to decide version selection, curation enforcement, and whether to download—so third‑party content can influence agent actions.