generate-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1 collectors (for example the "github-release-collector" that runs gh pr list and gh api to ingest PR titles, bodies, labels and the Linear/Jira collectors that pull issue descriptions) explicitly fetch and read user-generated content from third-party trackers and then use that content to categorize changes and drive publishing/decision steps (including WebFetch/Notion/HackMD publish flows), so untrusted third-party text could materially influence agent behavior.