create-draft-release-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches GitHub-generated release note markdown with gh release view "$release_tag" -R "$repo" --json body (i.e., user/PR-generated content on GitHub), passes that untrusted content into the organizer script, and then uses the result to update the draft release via gh release edit, so third-party content is ingested and directly drives tool actions.