release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted, user-generated commit messages and GitHub PR metadata (via git log and the gh pr list/gh release list commands described in SKILL.md Steps 2–3), and it uses that content to categorize changes and suggest version bumps and release actions, so third-party content can materially influence its behavior.