dotnet-maui-doctor
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses live public metadata and NuGet manifests (e.g., releases-index.json from https://dotnetcli.blob.core.windows.net and WorkloadDependencies.json downloaded from https://api.nuget.org/v3-flatcontainer/… .nupkg) as a required part of its workflow to determine JDK/SDK/Xcode requirements and installation actions, so third‑party content can materially influence decisions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches and parses live metadata from NuGet and .NET release endpoints at runtime (e.g. https://dotnetcli.blob.core.windows.net/dotnet/release-metadata/releases-index.json and https://api.nuget.org/v3-flatcontainer/.../*.nupkg) which directly drive its decision logic, and it also includes a curl | bash install example that executes remote code (https://dot.net/v1/dotnet-install.sh), so these URLs are runtime dependencies that can control agent actions or execute code.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).