claude-code-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated third-party content — e.g., piping GitHub PR diffs into Claude ("gh pr diff $PR_NUMBER | claude -p" in patterns.md and the GitHub Actions examples) and similar CI patterns — which the agent is expected to read and act on, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The GitHub Actions and GitLab CI examples explicitly run curl -fsSL https://claude.ai/install.sh | bash at runtime, which fetches and executes remote code from https://claude.ai/install.sh and is used as the install step in CI, so it constitutes a runtime dependency that executes remote code.