update-container-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's companion script (UpdateImageTags.cs) explicitly queries public container registries (docker.io, ghcr.io, quay.io, container-registry.oracle.com, mcr.microsoft.com) to fetch image tags, the generated update-tags-report.json is read and analyzed by the LLM per SKILL.md Step 2, and those externally sourced tags directly drive update decisions and code edits (Step 5), so untrusted third-party content can influence agent actions.