release-note-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly collects and processes merged PR data from GitHub (e.g., via gh and scripts like dump-prs-since-commit.ps1 producing milestone_prs.json and sorted_prs.csv), which is user-generated/untrusted content the agent is expected to read and summarize.