github-fetch-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses user-generated GitHub content (CHANGELOG files and Releases) via the GitHub CLI/API—see SKILL.md and scripts/github_fetch_release_notes/gh_client.py (fetch_contents, fetch_changelog_document, batch_get_latest_releases) and changelog.py—so untrusted third-party text from public repositories is read and can influence selection/decision logic and outputs.