k6-docs-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (SKILL.md) explicitly requires reading repository files (AGENTS.md, history.md), collecting commits via git/gh, viewing/editing GitHub releases and cloning the public grafana/k6-extension-registry, and curling proxy.golang.org — all public, user-generated sources whose content the agent is expected to read and use to compose release notes/Slack messages and drive release actions, so untrusted third-party content could indirectly inject instructions.