install-spinner
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches spinner pack JSON from a public GitHub repo (via https://api.github.com/repos/alexpl292/awesome-claude-spinners/contents/spinners and https://raw.githubusercontent.com/...) and then, as part of its required workflow, copies the untrusted spinnerVerbs into the user's ~/.claude/settings.json. This allows arbitrary third-party content to alter agent behavior and enable indirect prompt injection.
Audit Metadata