claude-code-pm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs installing and using external skills from public repos (e.g., npx skills add vercel-labs/agent-skills / cyberelf/agent_skills in scripts/setup.sh and references/skills-catalog.md) and encourages using the "find-skills" flow and browsing GitHub/skills.sh, meaning the agent will fetch and load untrusted, user-authored third‑party content that can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts and docs run npx skills add to install remote skill repositories (e.g., vercel-labs/agent-skills — https://github.com/vercel-labs/agent-skills and cyberelf/agent_skills as used in setup/delegate scripts), which are fetched at runtime and provide SKILL.md/skill code that directly influences agent prompts/behavior and can include executable content, so this is a runtime remote dependency controlling the agent.