claude-code-plugin-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The workflow explicitly fetches GitHub release JSON via the gh API and pipes it into scripts/generate_changelog.js (see "8. Regenerate CHANGELOG.md" in SKILL.md and the generate_changelog.js script), which ingests untrusted, user-generated release bodies and uses them to generate and commit CHANGELOG.md, exposing the agent to public third-party content that can influence repository state.