cli-reference
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The CLI explicitly accepts piped or command-output input (e.g., "gh pr diff | claude -p 'Review for security'") and supports reading files/outputs, which can include untrusted, user-generated third-party content (public GitHub PRs or other web-sourced data) that the agent is expected to read and interpret, creating an indirect prompt-injection risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly promotes bypassing permission prompts (e.g., --dangerously-skip-permissions). It also enables automated shell tooling (Bash tool, plugin-dir, --agents with tool lists) and headless CI patterns that encourage running commands without interactive permission checks, which could allow modification of machine state.