update-dependencies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly runs npx npm-check-updates, npx npm-check-updates (ncu), and yarn install as required steps, which fetch package metadata and packages from the public npm registry (untrusted, user-published content) and uses those results to update package.json, install code, and drive subsequent build/test/commit decisions.