securing-container-registry-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill (SKILL.md and scripts/agent.py) explicitly scans and ingests content from public container registries and tooling (e.g., "trivy image" against remote registry images, Syft-generated SBOMs, and ECR scan findings via boto3), which are untrusted, user-provided artifacts that the agent parses and uses to drive audit/reporting decisions.