bmad-os-draft-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 2 explicitly tells the agent to read merged PRs/issues and their descriptions/comments (via "gh pr view" and "read the original PR/issue"), which are untrusted, user-generated GitHub content that the agent must interpret and that can materially influence its changelog decisions.