automatic-stateful-prompt-improver
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill automatically calls the prompt-learning MCP (per SKILL.md: "CALL: mcp__prompt-learning__optimize_prompt"). The MCP server specification (references/mcp-server-spec.md) shows a retrieve_prompts/suggest_improvements flow that fetches and analyzes stored prompt_text from a vector DB (Qdrant). In other words, untrusted/user-generated prompt content is retrieved and used to generate optimizations that can change agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The setup instructions run a remote installer (curl -fsSL https://someclaudeskills.com/install/prompt-learning.sh | bash) and clone a repository whose code is then executed (git clone https://github.com/erichowens/prompt-learning-mcp.git, then npm run/node). Both steps fetch and run remote code to install the MCP server that the skill requires to control/modify prompts at runtime.