upgrade-otel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Read each changelog" from public GitHub URLs (e.g., opentelemetry-js and opentelemetry-js-contrib CHANGELOG.md and third-party instrumentations like @prisma/instrumentation), which are untrusted, user-maintained web content that the agent must interpret to decide whether to proceed with upgrades, so they could materially influence actions and enable indirect prompt injection.