claude-clone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md: the "Archaeology" step and the requirement to report "Upstream + commit SHA" and "Files cited") explicitly reads and interprets upstream open-source repositories via build-vs-clone and skillbox, meaning it ingests arbitrary public third-party code/content that can materially influence subsequent tool use and decisions.