github-release-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill uses the GitHub CLI and API (e.g., COMMITS=$(gh api repos/owner/repo/compare/${LAST_TAG}...HEAD --jq '.commits[].commit.message'), gh release list/download, gh pr create) to fetch commit messages, release notes, and assets from GitHub repositories—user-generated/public content that the agent ingests to build changelogs and releases, which can carry untrusted instructions.