claude-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and analyzes public, user-authored content from GitHub Releases or the raw CHANGELOG (via "gh api repos/anthropics/claude-code/releases" and curl to api.github.com or raw.githubusercontent.com) and requires the agent to read and classify release/body text as part of its workflow, so untrusted release content could influence its decisions or actions.