claude-api
Warn
Audited by Snyk on Apr 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires WebFetch to read live third-party documentation listed in shared/live-sources.md, and it documents the server-side WebFetch/WebSearch tools and the mounting of arbitrary GitHub repositories in the Managed Agents flows. The agent will therefore fetch and act on public third-party content (SDK docs, web pages, user GitHub repos) that could carry injected instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures an external MCP server URL (e.g., https://my-mcp-server.example.com/sse) in Managed Agents (tools/mcp_toolset) that is contacted at agent runtime to supply tool calls and drive agent behavior, so remote content served from that URL can directly control prompts and execute code.
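The two findings above share one shape: a place in the skill where text or tool calls from a host the operator never vetted enter the agent loop. The script below is an added example, not Snyk's scanner and not the claude-api skill's own code. It runs an allowlist check over a constructed SKILL.md excerpt (W011: lines that invoke WebFetch/WebSearch, plus any non-allowlisted host named there) and over a constructed agent config (W012: any URL attached to an MCP toolset). The config key names ("tools", "type": "mcp_toolset", "url") are assumptions about the layout, not the real Managed Agents schema, and ALLOWED_HOSTS stands in for whatever allowlist an operator actually maintains.

```python
"""Allowlist check reproducing the shape of the W011/W012 findings.

Added example, not Snyk's scanner and not the claude-api skill's own code.
The SKILL.md excerpt and the agent config below are constructed; the config
keys ("tools", "type": "mcp_toolset", "url") are assumptions about the layout,
not the real Managed Agents schema. ALLOWED_HOSTS stands in for whatever
allowlist the operator actually maintains.
"""
import json
import re
from urllib.parse import urlparse

ALLOWED_HOSTS = {"docs.anthropic.com"}          # assumption: operator-vetted hosts
FETCH_TOOLS = ("WebFetch", "WebSearch")          # tools that pull third-party text into context
URL_RE = re.compile(r"https?://[^\s)\]>\"']+")

# Constructed SKILL.md excerpt (not the real skill file).
SAMPLE_SKILL_MD = """\
# claude-api
Before answering, use WebFetch to read every live source listed in shared/live-sources.md.
Reference: https://docs.anthropic.com/en/api (WebFetch it if the cached copy is stale).
Mount the user's GitHub repo and run WebSearch for examples on https://github.com/.
"""

# Constructed Managed Agents style config (key names are assumptions).
SAMPLE_CONFIG = {
    "name": "claude-api",
    "metadata": {"url": "https://github.com/example/claude-api"},
    "tools": [
        {"type": "web_fetch"},
        {"type": "mcp_toolset", "url": "https://my-mcp-server.example.com/sse"},
    ],
}


def find_fetch_exposure(skill_md: str) -> list[dict]:
    """W011-style check: every line that invokes a fetch tool is an injection
    surface; hosts named on that line that are not allowlisted are listed too."""
    findings = []
    for lineno, line in enumerate(skill_md.splitlines(), 1):
        tools = [t for t in FETCH_TOOLS if t in line]
        if not tools:
            continue
        hosts = {urlparse(u.rstrip(".,;")).hostname for u in URL_RE.findall(line)}
        unvetted = sorted(h for h in hosts if h and h not in ALLOWED_HOSTS)
        findings.append({"code": "W011", "line": lineno, "tools": tools,
                         "unvetted_hosts": unvetted})
    return findings


def _iter_dicts(node, path=""):
    """Yield (path, dict) for every dict nested anywhere in the config."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _iter_dicts(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _iter_dicts(value, f"{path}[{i}]")


def find_mcp_endpoints(config: dict) -> list[dict]:
    """W012-style check: a URL attached to an MCP toolset is contacted at
    runtime and can steer the agent, so record its host, allowlist status
    and whether the transport is TLS."""
    findings = []
    for path, entry in _iter_dicts(config):
        url = entry.get("url")
        if not isinstance(url, str):
            continue
        if "mcp" not in str(entry.get("type", "")).lower() and "mcp" not in path.lower():
            continue
        parsed = urlparse(url)
        findings.append({"code": "W012", "path": f"{path}/url", "url": url,
                         "host": parsed.hostname,
                         "allowlisted": parsed.hostname in ALLOWED_HOSTS,
                         "tls": parsed.scheme == "https"})
    return findings


def audit(skill_md: str, config: dict) -> dict:
    """Combine both checks. The severity mapping is this example's own: any
    hit on either check yields MEDIUM, mirroring the report above; else LOW."""
    fetch = find_fetch_exposure(skill_md)
    mcp = [f for f in find_mcp_endpoints(config) if not (f["allowlisted"] and f["tls"])]
    codes = sorted({f["code"] for f in fetch + mcp})
    return {"risk": "MEDIUM" if codes else "LOW", "codes": codes,
            "findings": fetch + mcp}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SKILL_MD, SAMPLE_CONFIG), indent=2))
```

Run against the constructed inputs it reports three W011 lines (only the github.com host is unvetted) and one W012 endpoint, my-mcp-server.example.com, which is reachable over TLS but not allowlisted. The point of keeping the allowlist explicit is that a fetch of docs.anthropic.com and a fetch of an arbitrary user repo look identical to the agent; only an operator-maintained list distinguishes them.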
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata