kata-complete-milestone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests user-generated repository content and external GitHub data as part of runtime: it parses commit messages to detect bump type and generate changelogs (references/version-detector.md and references/changelog-generator.md) and it calls the GitHub API to list issues/milestones (milestone-complete.md gh api / gh run usage) — these untrusted, user-authored texts are read and directly influence version decisions, changelog content, PR bodies, and subsequent actions.