find-npm-package

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the public npm registry and npm downloads API (see SKILL.md Quick Start and API Options calling https://registry.npmjs.org/-/v1/search and https://api.npmjs.org/...downloads/...), ingests package descriptions and metadata (user-authored/untrusted) and uses those results to drive search, selection, and refinement, so third‑party content can materially influence the agent's actions.