release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (Step 4) explicitly runs GitHub queries (e.g., "gh pr view {PR_NUMBER} --repo toss/es-toolkit --json author" and "gh api repos/toss/es-toolkit/commits/{FULL_SHA}") to fetch public, user-generated PR/commit data and then uses those commit/PR descriptions and author names to build the changelog and contributors list which are committed and potentially pushed, meaning untrusted third‑party content is read and incorporated into actions.