changelog-page

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches public, user-authored release notes from the GitHub Releases API (see lib/github-releases.ts: https://api.github.com/repos/${process.env.GITHUB_REPO}/releases) and directly renders release.body into the changelog page (dangerouslySetInnerHTML) and RSS feed, so untrusted third‑party content could carry indirect prompt-injection or malicious payloads.