document-release

Fail

Audited by Snyk on May 12, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The skill embeds numerous explicit, non-documentation actions (telemetry/logging, config changes, artifact sync, auto-upgrade and vendored-removal flows, git commits/pushes and other repo-modifying commands) that are outside the stated "post-ship documentation update" purpose and could change repo state or surface data—these instructions are not obfuscated but are deceptive relative to the advertised scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly reads and edits PR/MR bodies via gh/glab in Step 9 (reads the PR/MR body into a tempfile and replaces/appends a "## Documentation" section), which is user-generated content from GitHub/GitLab and is parsed/acted on as part of the workflow, exposing the agent to untrusted third-party content.

Issues (2)

E004 (CRITICAL): Prompt injection detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 12, 2026, 02:23 AM
Issues: 2