changelog-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly generate changelogs and release notes from commits and GitHub PRs (e.g., "gh release create --generate-notes", semantic-release plugins, and git-cliff/compare URLs) which ingest user-generated content from public GitHub repos/PR descriptions, so untrusted third‑party text can influence versioning and automated release actions.