git-publish-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public GitHub release data via curl ("获取最新 Release 信息" in SKILL.md: curl ... "https://api.github.com/repos/$REPO/releases"), which is untrusted user-generated content (tags/release bodies) that the agent reads to determine PREVIOUS_TAG and thus materially influences commit-range selection and subsequent actions, creating a clear avenue for indirect prompt injection.