bump-deps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs scripts/run-taze.sh which invokes the taze CLI to fetch package update information from public package registries (npm/pubic package metadata), and the SKILL.md requires the agent to parse that untrusted, user-published taze output and take actions (auto-apply or prompt) based on it.