ln-645-open-source-replacer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's mandatory Phase 3 and Phase 4 workflows instruct the agent to perform WebSearch/Context7/Ref queries (and WebFetch fallback per references/research_tool_fallback.md) to gather open-web library docs and CVE advisories, which the agent must read and use to decide replacements—exposing it to untrusted public web content that can influence actions.