release-note-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Generation steps explicitly instruct running a subagent to fetch closed GitHub issues and PRs from the public microsoft/vscode repository using the gh CLI (step 4), which ingests untrusted, user-generated third-party content that the agent must read and use to generate and modify release notes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running a runtime fetch using the GitHub CLI (gh search issues --repo microsoft/vscode ...) to retrieve JSON from the microsoft/vscode repository (https://github.com/microsoft/vscode) and inject those issue/PR contents into the release-note generation, so external content from that URL is fetched at runtime and directly controls the agent's output.