dependency-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's runtime (see scripts/analyze_deps.py and the SKILL.md workflows) runs tools like "npm audit", "pip-audit", "govulncheck", "cargo audit" and "npx license-checker" that fetch and parse public vulnerability/license data from external services and then use those parsed results to drive remediation/upgrade decisions, so it clearly ingests untrusted third‑party content that can influence actions.