release-changelog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 and contributor guidance explicitly instruct fetching and parsing commit messages, .changeset files, and merged PR data from GitHub (e.g., "gh pr list --json number,title,body,labels" and "gh api users/{guess}"), which are untrusted, user-generated third‑party contents that the agent must read and interpret to generate changelog entries and attributions, so malicious PR/commit text could influence its outputs.