system-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's Phase 1 explicitly instructs extracting change signals "from user's input or web search for Claude Code release notes," meaning the agent will fetch/read public release notes (open web content) and interpret them to drive the upgrade plan, allowing untrusted third-party content to influence subsequent actions.