nuget-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md instructs the agent to run dotnet package search to verify package versions (i.e., querying the public NuGet repository) and parse its JSON output as part of the update workflow, which clearly ingests untrusted third‑party package metadata that can influence subsequent actions.