dependency-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's upgrade checklist (references/upgrade-checklist.md and SKILL.md Phase 1/2) explicitly instructs the agent to read changelogs, migration guides, and public issue threads from package repositories and other public websites, i.e., untrusted third‑party content that could influence upgrade decisions and actions.