claude-code-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes an OpenAI-compatible embedded HTTP server (/v1/chat/completions) that accepts requests from arbitrary webchat frontends and labeling tools (see references/openai-compat.md and references/cli.md), forwarding their user-provided transcripts into persistent sessions that drive the CLIs and tool calls—meaning untrusted third-party content is ingested and can materially influence agent behavior and tool use.