changelog-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill scaffolds a public changelog page and includes a GitHub API client (lib/github-releases.ts) plus an LLM synthesis script (scripts/synthesize-release-notes.mjs) that reads GitHub commits/releases and public release notes—all user-generated, untrusted third-party content the agent is expected to ingest and interpret.