enterprise-readiness

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflows and reference scripts explicitly fetch and parse public, user-generated third-party pages and JSON. Examples are references/badge-display.md and references/badge-submission-api.md, which include .github/workflows/verify-badges.yml and curl/Python GET/PATCH examples against https://www.bestpractices.dev and https://api.securityscorecards.dev. Those results are used to drive verification/submission logic, which introduces untrusted content that can influence actions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 12, 2026, 05:00 PM
Issues: 1