tinymist-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs running the repository helper and to use its JSON output including "changelog status" and "changelog-summary coverage the helper can compute from GitHub-generated notes" (SKILL.md steps 2 and 4), which means the agent will ingest and act on user-generated GitHub content that could contain untrusted instructions influencing release decisions.