changelog-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests user-generated content — commit messages, PR titles and descriptions, and issue references — and references GitHub compare/release pages (e.g., https://github.com/user/project/compare/...), so the agent will read/interpret arbitrary third-party PR/issue content that could contain injected instructions.