generate-changes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly inspects a VMR clone (defaulting to the public dotnet/dotnet repository) — reading files like eng/Versions.props and enumerating tags/release branches to resolve base/head refs — which is ingesting open/public third-party repository content that can influence ref selection and downstream actions.