release-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and interprets user-generated Git data (git log/commit messages and changelog files) and explicitly calls the GitHub CLI (gh pr view) to pull PR author info from GitHub, so it consumes untrusted, third-party user content (commit messages, PR titles/bodies, usernames) as part of its changelog-generation workflow.