github-release-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PRs and commit messages from GitHub (e.g., "CHANGELOG=$(gh api repos/:owner/:repo$compare/${LAST_TAG}...HEAD --jq '.commits[].commit.message')" and the GitHub Actions "Get merged PRs for changelog" / "Generate Release Changelog" steps) and feeds that untrusted, user-generated content into claude-flow commands that the agent reads and uses to generate changelogs, version suggestions, and release actions, allowing indirect prompt-injection from external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs "npx claude-flow@alpha" during CI and local workflows (which fetches and executes code from the npm registry at runtime) and that external package directly orchestrates AI agents/prompts, so it is a runtime remote dependency that can execute remote code (flagged: npx claude-flow@alpha -> npm registry).