release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the workflow explicitly reads user-generated GitHub content (e.g., "Gather user-facing changes" via git log and "Collect contributors" using gh pr view/gh issue view on the manaflow-ai/cmux repo) and uses that content to compose changelogs and drive release decisions, so untrusted third-party text could influence agent behavior.