day2-create-context-sync-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs (Block 2) using scripts/mcp_servers.py to search and parse public GitHub README.md files and then register MCP servers (.mcp.json), so the agent ingests untrusted, user-generated third‑party content from GitHub that can directly influence tool configuration and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running "npx skills add ai-native-camp/camp-1 --agent claude-code --yes", which at runtime fetches and executes remote package code (a required startup step), so this is a runtime external dependency that executes remote code.