package-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 2 explicitly instructs the agent to fetch and read content from public third‑party sites (e.g., https://www.npmjs.com/package/[package-name], GitHub CHANGELOG.md/releases and other web searches) which are untrusted/user-generated sources that the agent must read and interpret as part of its workflow, creating a clear vector for indirect prompt injection.