upgrade-packages-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory "Automatic Web Search for Migration Guides" and "Breaking Change Evidence Check" steps instruct the agent to fetch and parse public third‑party sources (GitHub releases/CHANGELOG, package homepages, dev.to/medium, Stack Overflow, npmjs.com, etc.) and then base upgrade/migration actions on that content, which exposes the agent to untrusted, user‑generated web content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates runtime fetching and parsing of external migration docs (e.g., GitHub changelogs/releases such as https://github.com/{org}/{pkg}/blob/main/CHANGELOG.md or {repo}/releases) and uses those results to decide and drive upgrade actions (including executing codemods via npx), so remote content directly controls agent behavior and can result in executing fetched code.