upgrading-stylelint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's SKILL.md explicitly instructs the agent to fetch and parse public Stylelint resources (e.g., the CHANGELOG at https://raw.githubusercontent.com/stylelint/stylelint/... and migration guides on stylelint.io) and to use those documents to determine upgrade steps, so third-party web content is read and can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch the Stylelint CHANGELOG/migration docs at runtime (e.g., https://raw.githubusercontent.com/stylelint/stylelint/refs/heads/main/CHANGELOG.md), and those fetched documents are used to drive the agent's upgrade instructions, so the external URL directly controls prompts and is a required runtime dependency.