post-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads untrusted, user-provided repo content via "gh pr view" in Step 1 (Read PR Context) and the team's CLAUDE.md in Step 2 to derive post_deploy rules, and then uses that content to decide and execute actions (including running 'custom' command fields and shell scripts) so third-party repo content can directly influence tool use and behavior.