cicd-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and scripts (e.g., the GitHub Actions examples that checkout PR branches and the scripts/claude-pr-review.sh which clones "https://github.com/$REPO.git" and runs claude on PR changes) explicitly fetch and analyze untrusted, user-provided repository/PR content and then act on those analyses (post comments, fail builds), so third-party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflows call and install remote packages that are fetched and executed at runtime—notably the GitHub Action reference "uses: anthropics/claude-code-action@v1" (and the npm package install "npm install -g @anthropic-ai/claude-code")—which run external code that implements the agent/CLI and thus control prompts or execution in CI.