release-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads repository history and external PR metadata (uses git log/git diff to parse commit messages and gh pr view to fetch PR authors) and then uses that untrusted, user-generated content to decide version bumps, generate changelog entries, and drive commit/tag actions, so third-party content can materially influence behavior.