audit-dependencies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs agents to fetch and research public third‑party sources—e.g., "Research breaking changes" by checking changelogs/GitHub issues and "Look Up CVEs" by checking GitHub security advisories and searching the web for GHSA/CVE links—so untrusted user-generated web content is read and can materially influence bump/override decisions.