Bedrock + Default themes = security exploit. How to remove them?

Hi.

I got ManageWP to track many of the Wordpress sites we build. And we do use Bedrock. And Sage as a starter theme.

But ManageWP also tells us - common for every site. That the default themes that are shipped, and is in every wordpress install - is outdated.

What I want to know:

1. How can we make this so that the default themes are removed every time we deploy it?

2. If not possible, how can they be updated easily?

How are you deploying? Trellis? With Trellis you can use a deploy hook to either remove or update the default themes on deploy: