framework-migration-deps-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's implementation playbook (resources/implementation-playbook.md) shows runtime steps that ingest public package data and changelogs—e.g., subprocess calls to npm outdated / pip list and BreakingChangeDetector._fetch_changelog—which fetch and parse untrusted, user-authored registry/changelog content that is then used to decide upgrade/migration actions.