ln-712-nuget-upgrader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Phase 4: Identify Breaking Changes" and "MCP Tools for Migration Search" explicitly instruct the worker to use WebSearch and mcp__Ref__ref_read_url (URL from search results) to fetch and read external/community documentation, so the agent will ingest untrusted third‑party web content that can materially change upgrade actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls the MCP tool mcp__Ref__ref_read_url to fetch "URL from search results" at runtime, and those externally fetched documents are used as migration guidance that will be injected into and directly influence the agent's instructions (i.e., arbitrary external URLs returned by mcp__Ref__ref_read_url), so this is a runtime external dependency that can control prompts.