uipath-rpa-legacy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires running uip rpa-legacy validate in Phase 0 to trigger package restore from external feeds and then mandates using the CLI find-activities (Phase 2) to ingest returned XamlSnippet/XmlnsDeclaration from those third‑party packages as authoritative inputs for generating XAML, which means the agent will fetch and interpret untrusted third‑party content (e.g., NuGet/package XAML) that can materially influence subsequent actions.