changelog-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated content from third-party sources (see references/implementation.md Phase 2: "GitHub: merged PRs + closed issues" and "Slack (optional): messages from configured channels"), and those inputs are used by the AI synthesis step to draft changelogs and drive actions (branch/PR creation), so untrusted content could influence behavior.