bump-cluster-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow explicitly fetches and reads files from the origin remote (e.g., via "git fetch origin release-{version}" and "git show origin/release-{version}:pkg/ui/workspaces/cluster-ui/package.json"), which pulls public repository content that the agent must interpret to decide whether and how to proceed, so untrusted commits or third‑party repo content could influence actions.