agent-release-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly runs gh api / gh pr list calls to fetch commits and merged PRs from GitHub (public, user-generated repo data) and feeds those commits/PRs into npx ruv-swarm agents (changelog, version, build, deploy) that analyze and act on that content to create releases, PRs, and deployments, meaning untrusted third‑party content can materially influence agent decisions and actions.