npm-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly WebFetches the public npm registry (Step 3: https://registry.npmjs.org/{package}/latest) and then fetches GitHub releases/RAW CHANGELOG.md and performs WebSearches for migration guides (Steps 5–6), and it requires the agent to parse those untrusted, user-maintained pages—including surfacing and acting on any “agent-specific” migration prompts—so third‑party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetches of repository-hosted changelogs/migration guides (e.g., raw CHANGELOG.md from the verified repo URL such as https://raw.githubusercontent.com//... ) and queries the Context7 MCP endpoints (resolve-library-id / query-docs) to locate and surface "agent-based migration prompts", which means external content fetched at runtime can directly provide prompts/instructions the agent will follow.