npm-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/commands.md / references/upgrade-workflow.md) tells the agent to run commands like npm audit, npm view <package> versions, and to "review the package's upgrade guide", which fetch JSON and advisory pages from the public npm registry and linked GitHub advisories (untrusted third‑party content) that the agent is expected to parse and use to decide upgrades, so those external pages could indirectly inject instructions.