version-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to read and act on user-generated GitHub content (PR titles, PR bodies, commit logs, and PR authors) — e.g., using gh pr view, scanning git log main..canary, and relying on PR title formats in SKILL.md and the Claude Action Guide — which are third-party, untrusted inputs that can change release/versioning behavior.