dependency-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and reference docs explicitly instruct fetching and interpreting data from public advisory databases and registries (e.g., NVD, GitHub Advisory Database, PyPI/npm registry APIs, and package repositories / LICENSE files as listed in SKILL.md and references/cve-sources.md), which are untrusted third‑party sources whose content is read and used to drive remediation and tooling decisions.