release-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (notably agents/changelog-generator.md and Step 2) explicitly reads and interprets git commit messages and, when available, GitHub data via "gh pr list" / "gh issue list" — user-generated, untrusted content that directly influences version bump recommendations, changelog/release notes, and subsequent release actions, so it can enable indirect prompt-injection.