horizon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SCOUT workflow and dependency-health-scan references (e.g., references/dependency-health-scan.md and SKILL.md guidance) explicitly require running commands like npm outdated / npm audit, using npm view and bundlephobia, and checking GitHub/caniuse data—i.e., ingesting public npm/GitHub/web content (untrusted, user-generated) that the agent is expected to read and use to make migration and tooling decisions, creating a clear avenue for indirect prompt-injection influence.