skill-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and installs code from a public GitHub URL (auto-install uses https://github.com/daymade/claude-code-skills) and its "External Review" and "Auto-PR" modes instruct cloning and reading external/open skill repositories, so the agent would consume untrusted, user-generated third-party content as part of its workflow.