sap-cap-upgrade

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Per SKILL.md, the skill explicitly queries public third-party services: it runs npm view <pkg> dist-tags.latest (Step 3) and calls advisory sources (osv.dev and the npm advisory bulk fallback) as the vulnerability gate (Step 3.5). It thereby ingests untrusted npm and advisory content, which the agent interprets to decide whether to block or proceed with upgrades.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 13, 2026, 03:06 PM
Issues: 1