changelog-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads git history and sends commit messages to the model ("Runs git log... and sends them to GPT-4o-mini" in SKILL.md), which ingests untrusted user-generated commit content that could contain instructions influencing model behavior.