dependency-update-bot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, untrusted third‑party content (GitHub Releases API, raw CHANGELOG.md from GitHub repos, npm registry README, and PyPI project descriptions) and uses that content to detect BREAKING CHANGES, escalate risk levels, and generate PR bodies and update actions, so external content can materially influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires GEMINI_API_KEY and at runtime POSTs package changelogs to the Gemini endpoint (https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=$GEMINI_API_KEY), which executes remote model generation and uses fetched changelog content to directly control the agent's PR-writing instructions.