component-version-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required upgrade workflow explicitly re-downloads the model weights from the public "mlx-community/Kokoro-82M-bf16" on Hugging Face and updates Python/Bun packages (via PyPI/npm/Bun) as part of kokoro-install.sh --upgrade, meaning it ingests untrusted third-party content that could change runtime behavior.