ama-logs-update-charts-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill runs gh pr list / gh pr view to enumerate merged PRs and authors, and then uses those PR titles/authors/URLs to generate the ReleaseNotes.md “What’s Changed” lines—this ingests outsider-authored free text (PR titles) from the GitHub API at runtime into the LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs docker pull and docker run against the remote image mcr.microsoft.com/azuremonitor/containerinsights/ciprod: to extract versions (e.g., /etc/os-release and ruby), which fetches and executes remote container code at runtime and is required by the workflow.