skill-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly clones and reads SKILL.md from public GitHub repositories (e.g., hesreallyhim/awesome-claude-code and others), performs web_fetch on external marketplaces (https://skillsmp.com, https://clawhub.com) and then installs those third-party skills into ~/.claude/skills, so untrusted, user-generated web content is ingested and can materially change agent behavior.