release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch merged PRs and closed issues from GitHub using "gh pr list" and "gh issue list", which are public, user-generated third-party contents that the agent is expected to read and that can influence release-note generation and subsequent actions.