day1-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to browse and install plugins from public plugin marketplaces (e.g., "/plugin marketplace add obra/superpowers-marketplace" and "/plugin install clarify") and to fetch external resources (curl/install commands and visiting public sites), so the agent will fetch and read potentially user-generated third‑party marketplace content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to curl and save official documentation at runtime when the built‑in agent answer is inaccurate (e.g., https://code.claude.com/docs/ko/setup), meaning external content would be fetched during execution and injected into the agent's context to control its prompts/responses.