cli-upgrade
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill automatically fetches and ingests release data (including GitHub release bodies via fetch_github_releases in scripts/fetch_releases.py and PyPI/npm metadata via fetch_pypi_releases/fetch_npm_releases and resolve_source.py) and then parses those user-provided release notes with summarize_changes.build_highlights to produce actionable highlights, meaning untrusted, user-generated third-party content is read and directly influences the agent's outputs and recommendations.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill makes runtime network requests to external release endpoints—e.g. the GitHub API URL https://api.github.com/repos/{owner}/{repo}/releases?per_page=100 and the PyPI metadata URL https://pypi.org/pypi/{package_name}/json—and injects fetched release notes/metadata into its summarization pipeline, meaning remote content is fetched at runtime and directly influences the agent's generated output.