changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflow explicitly tells the agent to "Review recent merged PRs" using gh pr list --repo elie222/inbox-zero..., meaning the agent will fetch and read user-generated GitHub PR content (public third-party text) and use it to decide changelog wording, which could carry malicious or instructional content that influences actions.