azure-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public documentation and migration guides (e.g., references/languages/java/INSTRUCTION.md: "For each migration guide you recorded during migration: 1. Fetch and read the full content of the guide URL" and SKILL.md/README guidance to use mcp_azure_mcp_documentation and mcp_azure_mcp_get_azure_bestpractices), meaning it ingests open/public third‑party content that directly influences upgrade decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching the Azure SDK BOM POM at runtime (e.g. https://raw.githubusercontent.com/Azure/azure-sdk-for-java/main/sdk/boms/azure-sdk-bom/pom.xml) to determine the BOM version and to read migration guides, which means external content would be loaded during execution and can directly control migration decisions/instructions.