claude

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Update Check" step instructs the agent to fetch https://raw.githubusercontent.com/abpai/skills/main/versions.json and compare it to local metadata to decide whether to prompt an update, meaning public third-party content from GitHub is read and can change the agent's subsequent actions.