release-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and interprets user-generated git commit messages and PR data from GitHub as part of its workflow—e.g., Step 2 uses git log and commit bodies to detect "BREAKING CHANGE" (affecting version bump) and Step 4 calls gh pr view to fetch PR authors for changelog attribution—exposing the agent to untrusted third-party content that can influence decisions and actions.