github-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads live GitHub release data and CI output (untrusted, user-generated content) as part of its required workflow — e.g., SKILL.md Phase 5 ("Overhaul release description") and multiple checks/scripts (checkpoints GR-9, validate-pre-release.sh and commands like "gh release view" / "gh run list") explicitly fetch GitHub release notes/assets and commits and then use that content to decide actions such as editing release notes, so third-party content can influence tool use and behaviour.