update-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly spawns sub-agents that fetch and parse public, user-authored package data (npm view, npm diff/tarball, package repository URLs, and gh release view/changelogs) from the open npm registry and GitHub and then uses that untrusted content to decide safe/review/defer and perform updates, which could allow indirect prompt injection.