day3-clarify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to fetch and read external plugin files installed from the public Marketplace (e.g., "/plugin marketplace add" and then "clarify 플러그인의 plugin.json / SKILL.md를 Read로 읽어줘" in references/block3-plugin-and-unknown.md) and also tells the agent to curl official documentation from the web and Read those files when the built-in agent is inaccurate (SKILL.md "공식 문서를 curl로 파일에 저장한 뒤 Read 툴로..."), which means the agent will ingest untrusted third‑party web/plugin content and use it to drive questions, decisions, and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to fetch and install external plugins/repositories that contain SKILL.md files which directly control prompts (e.g., "/plugin marketplace add team-attention/plugins-for-claude-natives" and "npx skills add ai-native-camp/camp-2"), so those repository references are runtime external dependencies that can alter agent instructions.