docs-serverless-changelog
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires using the GH CLI to fetch GitHub PR context and to fetch and review files from the public repo path https://github.com/elastic/docs-content/tree/main/release-notes/elastic-cloud-serverless, which are untrusted, user-generated third-party sources that the agent must read and use to shape its output.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching and reviewing the GitHub directory https://github.com/elastic/docs-content/tree/main/release-notes/elastic-cloud-serverless (via the GH CLI) at runtime and uses the fetched PRs/files to directly shape prompts and the agent's output, so this external repo is a runtime dependency that controls agent instructions.
Issues (2)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).