create-agent-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Dynamic Context Injection and API examples (e.g., the "Context" snippet with !git/!gh pr diff in SKILL.md and references/api-security.md which shows running ~/.claude/scripts/secure-api.sh and curl against services like Facebook/yourservice) explicitly instruct running commands that fetch third-party API/PR outputs (GitHub, social APIs, public endpoints) whose content is read into Claude and used to drive decisions, so untrusted/user-generated content could influence agent behavior.