search-first

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow in SKILL.md (notably "Step 2: Parallel Search" and "Search Category C: Web Research" plus the npm/PyPI search commands) requires fetching and evaluating public third‑party content from npm, PyPI, GitHub and blog posts and then using those findings to decide/adopt/install packages, so untrusted user‑generated web content could materially influence the agent's actions.