denvig-upgrade-npm-dependencies

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to locate each package's repository via npm view {{package}} repository.url and read the releases page or changelog (e.g., {{repository_url}}/releases or /blob/main/CHANGELOG.md) to determine breaking changes, so it will fetch and interpret untrusted public third‑party content that can change upgrade decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to fetch package repository release/changelog pages (e.g., https://github.com/{repo}/releases and https://github.com/{repo}/blob/main/CHANGELOG.md) and to read that content to decide upgrades and modify package.json, so those external URLs directly influence agent instructions and execution.