Changelog Curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to ingest and parse user-provided git logs or lists of PR titles/descriptions ("Provide: The git log ... or a list of PRs" and "Step 1 — Parse the input"), which are untrusted, user-generated third-party content and are used to drive categorization and changelog generation, so malicious text in those inputs could influence the agent's behavior.