phoenix-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 "Get the changelog" explicitly instructs using gh release view ... to fetch GitHub release bodies (user/PR-generated content) and then to read and interpret changed files and release text to decide what to include in release notes and edits, so untrusted third‑party content from GitHub can materially influence agent decisions and actions.