day1-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs installing and loading plugins from external marketplaces (references/block3-7-plugin.md: "/plugin marketplace add ...", "/plugin install ...") and demonstrates reading user-generated messages via MCP/Slack in the demo (references/block1-experience.md: "/weekly-sync"), so the agent will fetch and ingest untrusted third‑party content that can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs that, at runtime, the agent should curl official documentation and read it into context (e.g., https://code.claude.com/docs/ko/setup), which means remote content from code.claude.com can be fetched and injected into the model’s prompts/answers.