review-dependencies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly requires using "WebSearch" to compare package versions (see Step 2 notes for Swift PM and cargo and Step 3 fallback), which directs the agent to fetch and interpret public web content (package registries, release pages, etc.) that is untrusted and can influence versioning decisions and next actions.