ce-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Analyze the provided GitHub changes and related issues" and to "Use gh cli to lookup the PRs" (PR descriptions, labels, and linked issues), which requires ingesting untrusted, user-generated content from public GitHub pages that will be read and used to drive changelog creation.