claude-code-headless

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflows (references/cli-options.md and references/integration-patterns.md) explicitly show using WebSearch/WebFetch and fetching PR diffs via gh pr diff (public/user-generated web content) which is piped into Claude for analysis and can drive actions (e.g., auto-accept edits, post comments), allowing untrusted third-party content to influence tool use and decisions.