generate-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes ghlog to fetch commits from the public GitHub org (step 3) and explicitly instructs the agent to read /tmp/gramio-ghlog.md and the patch files in /tmp/gramio-patches/ (steps 4–5), which are untrusted, user-generated third‑party content that the agent must interpret to decide what docs/skills to create or update.