changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "analyze the provided GitHub changes and related issues" and to "use gh cli to lookup the PRs" (i.e., ingest PR descriptions, issue content and labels from the repository/main branch), which are untrusted, user-generated third-party contents that the agent must read and that can materially influence its actions and outputs.