changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automatically fetches and displays public GitHub Releases (via the GitHub Releases API) and performs web searches/OpenRouter queries to pick/synthesize models and release-note text—all untrusted, user-generated third-party content that the agent ingests and interprets as part of its workflow.