daily-releases

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Step 2b (and the pipeline_map) explicitly instructs the orchestrating agent to read files like ./daily-releases//commits_detailed.txt and ./daily-releases//changes.diff produced by collect_day_dataset.py from GitHub (commit messages, PR/issue text and diffs), which are untrusted, user-generated third‑party content and are consumed by the agent to generate analysis.json that directly influences subsequent actions (release formatting and publishing).