release-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 4 explicitly fetches and interprets public GitHub data (e.g., using gh pr view ... and git log in "Detect third-party contributors") which ingests untrusted, user-generated content from third-party sites and uses it to generate changelogs, attributions, and version decisions, so external content can influence the agent's outputs and actions.