changelog-draft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches PR bodies, files, and issue data directly from GitHub via the gh CLI (see SKILL.md Step 2 and scripts/fetch_prs.py, fetch_issue_reporters.py, classify_contributors.py), which are untrusted, user-generated third‑party contents that the agent parses and uses to decide changelog entries, inclusion, and attributions—allowing those external texts to materially influence behavior.