agency-agents-ai-specialists

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs users to git clone the public repo https://github.com/msitarzewski/agency-agents.git and then load community-sourced agent markdown files as system prompts (e.g., claude --system-prompt "$(cat ~/.claude/agents/engineering-software-architect.md)"), so untrusted third-party content from GitHub is ingested and directly shapes agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README instructs cloning https://github.com/msitarzewski/agency-agents.git and then using the cloned markdown files as system prompts (e.g., cat ~/.claude/agents/... and claude --system-prompt "$(cat ... )"), so externally fetched content would directly control agent prompts at runtime.