fix-vulnerabilities

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (Quick Start and references/severity-processing.md) explicitly calls the GitHub API (gh api repos/$REPO/dependabot/alerts) and parses Dependabot/advisory fields (summary, cve, patched_version) which are untrusted, user-sourced third-party content that the agent must read and use to decide remediation actions.