update-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 3 explicitly requires reading changelogs from public third-party sources (via npm registry repo URLs, GitHub releases using WebFetch, and WebSearch) and using those findings to decide whether and how to apply major dependency updates, so untrusted web content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires fetching changelogs at runtime (via WebFetch/WebSearch) from URLs such as https://github.com///releases, and those fetched changelog contents are a required input that directly determine update actions (i.e., they control the agent's instructions for whether and how to perform upgrades).