dependabot-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2: "Fetch the changelog / release notes") explicitly instructs the agent to fetch and parse public upstream content (e.g., via gh release view, gh api repos/<upstream>/contents/CHANGELOG.md, npm view, and commit diffs), which are untrusted third-party sources whose text the agent must interpret to decide merge/action outcomes.