dependency-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches package metadata from the public nuget.org API (see "Step 2: Look Up Latest Versions on nuget.org" and the curl to https://api.nuget.org/v3-flatcontainer/{package-id-lowercase}/index.json) and uses that untrusted third-party content to decide version recommendations and whether to trigger pipeline runs, which can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The companion script and fallback CLI calls connect to and trigger pipelines on the Azure DevOps organization at https://dev.azure.com/dnceng during runtime, which initiates remote pipeline execution (i.e., executes remote code) and is required for the skill to operate.