release-skills
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The workflow (Step 2 and Step 4) explicitly reads git history and merged PR data, using commands like "git log ${LAST_TAG}..HEAD --oneline" and "gh pr view <number> --json author", and parses commit messages and PR metadata (user-generated third-party content) to detect breaking changes and decide the version bump and changelog content, so untrusted external contributions can materially affect agent actions.
Audit Metadata