github-release-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from public GitHub sources (e.g., "gh api repos/:owner/:repo$compare/... --jq '.commits[].commit.message'", "gh pr list --state merged ..." and GH discussions/issues in the GitHub Actions steps) and feeds those commit messages/PRs into the claude-flow changelog/release-note generation pipeline, so the agent will read and interpret untrusted third-party content.