supply-chain-protection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (Step 4's smoke test "sfw add is-odd --dry-run" and Step 3/CLAUDE.md instruction to "manually verify the publish date") explicitly requires fetching package metadata from public package registries (e.g., npm/pnpm/Yarn/Bun registries), which are untrusted third‑party sources whose content (publish timestamps/metadata) is read and used to decide installs and enforce the 48‑hour rule.