change-log-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated PR and issue content from GitHub (see "Get Pull Request Information" and "Pull Request Integration" which call gh pr list / gh pr view and add GitHub compare/PR links), so untrusted third-party text (PR titles/bodies/labels/issue refs) is read and used to decide categorization and changelog generation.