agent-release-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from public GitHub repositories (PRs, commit messages, release notes) via the gh CLI calls and WebFetch and then reads/analyzes that content to generate changelogs and versioning decisions, exposing the agent to potential indirect prompt injection.