statusline-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly recommends and configures the third‑party ccstatusline widget (SKILL.md "Two Approaches" and references/ccstatusline-guide.md) and shows examples of running package fetchers like "bunx ccstatusline@latest" and "npx -y ccusage@latest" (references/ccstatusline-guide.md Custom Command examples), which would fetch and execute untrusted, public npm/GitHub code and whose output is read by the statusline runtime and therefore can materially influence behavior.