mistral-upgrade-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Step 1 explicitly instructs running public registry queries (e.g., "npm view @mistralai/mistralai version" and "npm view ... versions --json" and pip show), which fetch untrusted package metadata from public npm/PyPI/GitHub sources that the workflow reads and uses to decide upgrade actions.