publish-npm-package

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to read and act on public GitHub and npm registry data (e.g., "Derive answers from package.json + workspace manifests → existing workflows → git remote/tags → npm registry state" in SKILL.md and repeated references to npm CLI commands and https://www.npmjs.com/package/... in the auth/reference docs), which are untrusted, user-published sources and those external contents directly drive auth/versioning/workflow decisions—opening a clear path for indirect prompt injection.