modernize

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and installs packages from public registries (e.g., npm, PyPI, crates.io via commands like npm update, pip install --upgrade, cargo update, go get), so untrusted third‑party code is ingested as part of the workflow and can materially change tests/behavior and subsequent agent actions.