changelog-rfc-29

Warn

Audited by Snyk on Mar 21, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill autonomously fetches and parses public GitHub release content (see scripts/import-releases.ts: fetchReleases using gh api "repos/${repo}/releases?...") and then converts release bodies into changelog entries (convertToChangelog/parseReleaseBody), so untrusted, user-generated third-party content from arbitrary repos is ingested and can change tool behavior and outputs.


Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 21, 2026, 11:33 AM
Issues
1
Security Audit — snyk — changelog-rfc-29