npm-namer

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's bundled CLI (scripts/npm-namer/dist/check.mjs, specifically src/registry.mjs) performs parallel HEAD requests to the public npm registry (registry.npmjs.org) and uses those live responses to decide availability/moniker collisions and to drive subsequent checks, so it clearly ingests untrusted third‑party content that can materially influence its actions.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 19, 2026, 06:26 PM
Issues: 1