dependency-vuln-triager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads scanner JSON produced by public scanners (npm audit / pip-audit / OSV) from the required --input file (see SKILL.md and triage.py where Path(args.input).read_text() is used) and directly interprets advisory fields (summary, severity, fix_version) to score and choose remediation actions, so untrusted/public advisory content could materially influence its decisions.