bmad-os-draft-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflow (prompts/instructions.md) directs the agent to read PR descriptions and comments—for example via "gh pr view" for each merge—thereby ingesting untrusted, user-generated GitHub content that could carry indirect prompt-injection instructions.