.agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skills/cli-upgrade workflow explicitly requires discovering and pulling release notes from public sources (GitHub Releases, npm, PyPI) as part of its required runtime flow (see skills/cli-upgrade/SKILL.md and references/source_rules.md), which means untrusted, user-generated third‑party content would be read and could materially influence upgrade recommendations.