bump-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs the taze CLI via scripts/run-taze.sh and explicitly instructs (SKILL.md Steps 1–2) to parse taze's output to decide which packages to update—this output is derived from public package registries (e.g., npm) and thus untrusted third-party package metadata can directly influence the agent's update decisions and tool usage.