claude-code-source-study
Warn
Audited by Snyk on Apr 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's own workflow ("Start Here" in SKILL.md) explicitly instructs cloning/opening a public GitHub repository (git clone https://github.com/luyao618/Claude-Code-Source-Study and links to https://github.com/anthropics/claude-code), meaning the agent/user is expected to fetch and read untrusted, user-generated third‑party content from the open web that could materially influence agent behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt teaches and demonstrates registering and using tools like "bash" and "write_file" (and has a "BashTool" deep dive), which enable executing shell commands and modifying files on the host — even though it doesn't explicitly request sudo, user creation, or system-config edits, it clearly enables state-changing actions and thus poses a moderate risk.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata