changelog-composer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to extract and parse PR titles and descriptions from GitHub using gh pr list (SKILL.md, Phase 1 step 3), which are user-generated, third‑party PR contents that the agent will read and use to classify and compose changelog entries.