ln-820-dependency-optimization-coordinator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's pre-flight Security Audit and Release Age checks (SKILL.md Phase 2 and references/security_audit_guide.md) explicitly instruct running registry queries and audit commands—e.g., npm view <package> time, PyPI JSON API, NuGet API queries, npm audit, pip-audit, dotnet list package --vulnerable—which fetch untrusted public package registry data that the agent must read and that directly influence upgrade/blocking decisions.