publish-release-announcements

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required preflight and discussion/announcement workflow explicitly fetch and reuse previous dotnet/core discussion bodies and dotnet/announcements issue bodies from public GitHub (user-generated content) and search those repos to decide whether to create, update, or verify posts, so that external content can influence creation and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to fetch and reuse prior GitHub discussion/issue bodies (e.g. https://github.com/dotnet/core/discussions/10363 and https://github.com/dotnet/announcements/issues/393), and those fetched contents are used as templates that directly shape the agent's generated prompts/content.