release-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches GitHub PRs and repo metadata (e.g., using gh pr view and gh repo view) and reads git logs/commit messages (user-generated, public) as part of its required workflow to generate changelogs and determine version bumps, so untrusted third-party content can influence decisions and outputs.