autoship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clones target GitHub repositories (see "Clone" step and the config cloneUrl entries in SKILL.md/references/configuration.md) and the AI explicitly analyzes commits and diffs from those repos to suggest release types and generate changeset descriptions, so it ingests untrusted, user-generated third‑party content (repo code/commit messages) as part of its workflow.