claude-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using external MCP servers and web tools (e.g., references/mcp-integration.md lists Brave Search, Puppeteer and remote MCP URLs) and to install/use plugins from GitHub or arbitrary URLs (references/hooks-and-plugins.md and plugin-install steps), and SKILL.md step 2C requires the agent to connect to and read/configure those MCP/plugin resources—clear evidence the agent will fetch and act on untrusted third‑party content that can influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill content includes an MCP remote-server configuration that the agent will contact at runtime (e.g., "https://api.example.com/mcp"), which would execute remote MCP tool code and can directly control agent tools/prompts, so this is a runtime external dependency that can execute code.