release-tweet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content — GitHub release bodies and user profiles via the gh commands in SKILL.md and public X/profile pages and personal blogs per references/handle-verification.md — and then uses that content to decide tweet wording and which contributors to @mention, so untrusted third-party content can materially change agent behavior.