changelog-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill ingests and processes commit messages, PR descriptions, and release metadata from GitHub/GitLab (e.g., via semantic-release, git-cliff, and the release templates referencing PRs), which are untrusted, user-generated third‑party content that the workflow reads and incorporates when generating changelogs.