The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources and local files. \n
Ingestion points: Local package.json files and external content retrieved via WebSearch and WebFetch (e.g., from npmjs.com and github.com). \n
Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions within the ingested content. \n
Capability inventory: The agent has access to Bash, Write, Edit, WebFetch, and Task tools. \n
Sanitization: Absent. The skill lacks sanitization or validation of the data retrieved before processing it into reports.

package-upgrade