changelog-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly uses git and the GitHub CLI (e.g., "gh pr list", "git-cliff --latest", and "gh release create ... --notes "$(git-cliff ... )"") to ingest commit messages and PR titles from GitHub — user-generated, untrusted third-party content that the agent reads to generate changelogs and release notes and can thus influence subsequent actions.