ce-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's helper script (scripts/list-plugin-releases.py) fetches release "body" fields from the public GitHub Releases API (https://api.github.com/repos/EveryInc/compound-engineering-plugin/releases) and SKILL.md Phase 6 explicitly requires the agent to read those release bodies to decide matches and synthesize answers, so untrusted third-party content can materially influence the agent's decisions.