writing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md (see "Package dependencies" and "Runtime environment" in anthropic-best-practices.md) explicitly allows the agent to install packages from npm/PyPI and pull from GitHub repositories, meaning the agent may fetch and execute untrusted, user‑generated content from public third‑party sources which can materially influence tool use or next actions.