sync-from-vibe-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and reads files from the public GitHub repo https://github.com/doodledood/claude-code-plugins (e.g., agent files and SKILL.md) and ingests that untrusted, user-originated content into its sync workflow, which could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and reads files from https://github.com/doodledood/claude-code-plugins at runtime and uses those agent/skill files as the source of truth to generate/update skill prompts and implementations, so remote content can directly control prompts or code.