release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bundled planner (scripts/release_plan.py) explicitly calls GitHub via gh commands (e.g., "gh release list" and "gh api repos/{repo}/commits/{sha}/pulls") to ingest PR titles, commit messages, and other user-generated GitHub data which the SKILL.md execution flow requires the agent to read (.local/release/release-plan.md) and use to decide the suggested version, draft release notes, and drive publish actions, so untrusted third‑party content can materially influence behavior.