review-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public third-party advisory data as part of its required workflow — e.g., running native audit tools (npm audit, pip-audit, cargo audit, etc.) and querying GitHub Dependabot via "gh api repos/{owner}/{repo}/dependabot/alerts" (Phase 2) with the raw output passed to Phase 3 agents for analysis — so untrusted public advisory/alert text could influence agent decisions and remediation actions.