changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to "read the PR description and changed files" (user-generated content from PRs/branches on public repositories/hf.co), so it ingests untrusted third-party content as part of its operation.