ln-710-dependency-upgrader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Security Audit and Release Age checks (Phase 2 in SKILL.md and references/security_audit_guide.md) explicitly instruct running registry/audit queries such as npm audit, npm view <package> time, the PyPI JSON API and NuGet API to fetch public package metadata and audit outputs that the agent must parse to decide whether to block or proceed with upgrades, thereby ingesting untrusted third‑party content that can influence actions.