claude-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly shows dynamic context injection and examples like !gh pr view --comments and !gh pr diff (under "동적 컨텍스트 주입" / "PR context"), which run commands that fetch user-generated GitHub PR comments/diffs and insert their output into the model context, meaning untrusted public content can be read and influence agent decisions and tool use.