configure-ecc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones a public GitHub repo (git clone https://github.com/affaan-m/everything-claude-code.git) and then reads, scans, and edits SKILL.md and rule files from that cloned, user-supplied content as part of its required installation and optimization workflow, so untrusted third‑party files can influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime git clone of https://github.com/affaan-m/everything-claude-code.git to fetch SKILL.md and related files that are then copied and used as agent skills/instructions, so remote content directly controls agent behavior and is a required dependency.