update-supported-os

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly directs the agent to query and parse live public data (e.g., running "release-notes verify" against GitHub live data and curling raw JSON from https://github.com/dotnet/versions/... and https://mcr.microsoft.com/... and using endoflife.date), and those third‑party public pages are read and used to decide edits and actions, exposing the agent to untrusted external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the release-notes tool from the external NuGet source https://nuget.pkg.github.com/richlander/index.json (via dotnet tool install), which fetches and installs remote code that the skill uses at runtime, so this external content can execute code and is a required dependency.