modernize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill runs package manager and audit commands (e.g., npm outdated/npm update, pip install --upgrade, cargo update, npm audit) that fetch package metadata and code from public registries (npm, PyPI, crates.io) and captures/consumes those outputs as part of the upgrade workflow, exposing the agent to untrusted third-party content.