dependency-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs package manager and audit tools (e.g., taze, npm audit, pip-review/pip-audit, go get -u, cargo update, govulncheck, cargo audit) that fetch metadata, changelogs and vulnerability advisories from public package registries and vulnerability databases, meaning it ingests untrusted, user-published third-party content which the agent reads and reports.