dependency-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and reference docs (Phase 4 "Check Security", references/cve-sources.md, references/license-compatibility.md and the Data Sources section) explicitly instruct querying public registries and advisory databases (NVD, GitHub Advisory DB, PyPI/npm registry APIs) and fetching package repository LICENSE/metadata, so the agent ingests untrusted, user-generated third‑party content that can influence audit decisions.