setperms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill writes a required rules file (.claude/rules/cli-tools.md) that explicitly instructs the agent to use WebFetch, r.jina.ai/URL, and firecrawl (and grants permission for curl/http/etc.), which causes the agent to fetch and interpret arbitrary public web pages (untrusted third‑party content) as part of its workflow and could therefore influence subsequent tool use and decisions.