1k-pkg-upgrade-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly downloads and diffs package tarballs from the public npm registry (see SKILL.md and references/review-workflow.md using curl $(npm view PACKAGE@VERSION dist.tarball)), thereby ingesting untrusted third-party package source that the agent must read and use to make compatibility decisions and post PR comments.