post-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PR metadata with gh pr view and reads the team's CLAUDE.md from the repository (Step 1 and Step 2 in SKILL.md), both of which are user-generated third-party content that the script parses and uses to decide deploy method and dispatch jobs, so untrusted content can influence actions.