dependabot-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and scrapes third‑party, public content — e.g., it calls GitHub APIs for Dependabot alerts and runs "gh release view" / "npm pack" to extract upstream release notes / CHANGELOG.md (see the "Changelog scrape" and "Fetch alerts" steps in SKILL.md) and then reads/uses those verbatim to drive safety interlocks and versioning decisions, so untrusted user-generated content can materially influence the agent's actions.