update-packages

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's references/check-outdated.ts explicitly fetches package data from the public npm registry and GitHub release notes (via the GitHub API) and SKILL.md requires reading the generated outdated-changelog.json and using those release notes to drive update decisions and fixes, which exposes the agent to untrusted, third‑party (user/maintainer) content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script references skills-lock.json and at runtime runs bunx skills add , which fetches GitHub skill repositories (e.g. URLs like https://github.com/owner/repo or git@github.com:owner/repo.git taken from skills-lock.json) and installs remote skill code that can change agent instructions or execute code, and the workflow mandates updating those skills before proceeding.