claude-code-showcase

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and acts on untrusted, user-generated content from external services—see .mcp.json (JIRA/GitHub MCP servers) and the command workflows .claude/commands/pr-review.md (runs gh pr view and reads changed files) and .claude/commands/ticket.md (uses jira_get_issue)—so the agent reads and uses public PRs/tickets/issues which could contain indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill configuration invokes remote packages that are fetched and executed at runtime (e.g., npx @anthropic/mcp-jira, npx @anthropic/mcp-github, npx @anthropic/mcp-postgres, and npx @anthropic/claude-code in .mcp.json and CI), and the GitHub Actions use external actions (actions/checkout@v4, peter-evans/create-pull-request@v5), so these external dependencies are required at runtime and will execute remote code.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 17, 2026, 07:27 AM
Issues: 2