release-note-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and scripts (e.g., dump-prs-since-commit.ps1, collect-or-apply-milestones.ps1, step2/step3/step4 docs) explicitly fetch PR titles, bodies, comments and Copilot summaries from public GitHub pages/API and require the agent to read/interprete those user-generated PR contents (Title/Body/CopilotSummary) to suggest labels, request reviews, and generate release-note text, so untrusted third‑party content can directly influence actions.