dev-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly requires using MCP "web_search" and "web_fetch" in Phase 3 (MCP 工具检测与配置) and task dispatch/templates (e.g., "web_search：查最新文档、解决报错、查版本兼容" and "web_fetch：抓取完整文档页面" with "web_search → 查询 {内容}，已应用"), meaning the agent will fetch and apply untrusted public web content which can influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime fetching of remote prompt/instruction files (e.g. curl -L https://raw.githubusercontent.com/cat9999aaa/dev-planner-skill/main/SKILL.md and git clone https://github.com/cat9999aaa/dev-planner-skill.git), which are loaded as system prompts/CLAUDE.md (thus directly controlling agent instructions) and are presented as required dependencies, so this is a high-risk runtime external dependency.