release-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because SKILL.md Step 4 explicitly ingests user-generated content (git commit history and GitHub data via commands like git log and gh pr list / gh issue list) from a third-party/public source (GitHub), which the agent is expected to read and which directly influences version-bump recommendations, changelog generation, and release actions.