changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-generated content from third-party code hosting services (e.g., the "Collect Merged PRs (GitHub)" step using gh pr list --state merged ... --json ... --body and referenced GitHub compare links), and those PRs/PR bodies and commit messages are parsed and used to categorize changes and decide version bumps, so untrusted external content can influence actions.