project-understanding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's dependency-analysis and workflow explicitly instruct running public registry and web-backed tools (e.g., "npm audit", "npx bundle-phobia-cli", "pip-audit", and the CI "Dependency Analysis" step that produces audit.json/outdated.json) which ingest untrusted, user-published package metadata and vulnerability advisories from open third-party sources and then drive analysis and recommendations, so third-party content can influence the agent's decisions.