prepare-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches public GitHub release data and ingests user-generated commit messages/diffs (via the gh release list --repo ... command and the $(git log $LATEST..HEAD ...) / $(git diff $LATEST..HEAD ...) insertions used in the Gemini/Codex prompts), so untrusted third-party content is read and fed into model prompts that can influence subsequent actions.