publish-release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and reads user-generated GitHub content (e.g., via gh run list/view and gh release view and gh run view --job --log in scripts/run-release-sequence.sh), and the agent is required to inspect those release bodies and workflow logs to decide fixes, retries, and edits—exposing it to untrusted third-party content that can influence actions.