release-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests merged PRs and user data from GitHub (e.g., "gh pr list --state merged --search ... --json number,title,body,labels" and "gh api users/{guess}")—public, user-generated content that the workflow reads and uses to determine changelog entries and breaking changes, allowing untrusted third-party text to influence actions.