dependency-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md execution process explicitly instructs the agent to "trigger web search (Exa/WebFetch)" to read changelogs, release notes, and migration guides and to "query package registries" (Step 3–4), which means the agent will ingest and act on untrusted public third-party content that can materially influence update decisions.