juicebox-upgrade-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's implementation guide explicitly instructs fetching and reviewing public changelog data from an open third‑party URL (curl https://api.github.com/repos/juicebox-ai/sdk-js/releases/latest in references/implementation-guide.md and links to GitHub/docs), which the agent is expected to read and could materially influence migration actions.