ln-822-nuget-upgrader
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill's Phase 4 "Identify Breaking Changes" workflow explicitly instructs the agent to use MCP tools (e.g., mcp__Ref__ref_search_documentation and mcp__Ref__ref_read_url) and a "WebSearch" fallback to find and read external documentation and community solutions. These are untrusted third-party sources, and the agent interprets their content to drive upgrade/migration actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill calls the MCP tool mcp__Ref__ref_read_url at runtime to "Read" a "URL from search results". It therefore fetches external web content and injects it into the agent's context to guide migration instructions, making this a runtime external dependency that can directly control prompts.