rsdoctor-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires querying and sometimes downloading from the public npm registry (e.g., "npm view @rsdoctor/agent-cli version" in SKILL.md and the registry endpoint/dist.tarball flow in references/rsdoctor-data-types.md), which ingests untrusted third‑party package metadata/tarballs that the agent is expected to read and that can change installation and analysis behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs runtime npm registry fetches (e.g., https://registry.npmjs.org/@rsdoctor%2Ftypes/latest) and npm installs (npm install -g @rsdoctor/agent-cli@latest) which download remote package tarballs used to drive schema/field selection and run a remote CLI — so remote content fetched at runtime can directly influence prompts or execute code.