release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's pipeline explicitly includes PR metadata extraction with a "--fetch-gh" option (references/release-pipeline.md: "extract-pr-metadata.cjs [--fetch-gh]") and processes commit/PR bodies (parse-commits outputs and LLM transforms) so it can fetch and ingest user-generated content from GitHub/PRs, which are untrusted third-party inputs that the agent reads as part of its workflow.