skills-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Claude Code features docs (references/claude-code-features.md) explicitly describe Dynamic Context Injection using !`command` (for example !gh pr view --comments / `!`gh pr diff) which executes shell commands that pull public GitHub PR comments/diffs (user-generated third‑party content) and injects that output into the agent's prompt, so untrusted external content would be read and could materially influence the agent's decisions and tool use.