working-with-claude-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes ingesting and processing untrusted, user-generated content from public sources—e.g., fetching MCP resources like @github:repos/owner/repo/issues in references/common-workflows.md and responding to arbitrary GitHub/GitLab issue or PR comments via the GitHub Actions and GitLab CI/CD integrations—so the agent will read third-party content that could contain injected instructions.