doc-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly enriches commits with public GitHub PR/issue data (see "3. Enrich with PR/Issue Data" and the gh pr list examples) and then uses PR titles, labels, and bodies to classify and format changelog entries, so untrusted, user-generated content from GitHub can influence classification and the generated changelog.