release-guard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs GitHub CLI/API commands (e.g., "gh pr view", "gh run list", "gh run view", and "gh api repos/:owner/:repo/branches/main/protection") to fetch PR and CI run data from GitHub (user-generated/untrusted third-party content) and uses those results in SKILL.md and ci-reference.md to decide whether to block or allow a release, so external content can directly influence agent actions.