analyze-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses public, third-party content—npm registry entries (npm view), GitHub Releases API and raw CHANGELOG.md from raw.githubusercontent.com, and general WebSearch results/migration guides—which are untrusted/user-generated sources that the agent reads and interprets to extract breaking changes and migration steps, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches runtime content from the GitHub Releases API (https://api.github.com/repos/{owner}/{repo}/releases) and raw changelogs (e.g. https://raw.githubusercontent.com/{owner}/{repo}/main/CHANGELOG.md) to extract release notes and breaking-change/migration instructions that are injected into the analysis, so external content directly influences the agent's outputs.