Claude SDK Expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly lists WebFetch/WebSearch under "Web Access" and the "Pattern: Multi-Step Research" shows the agent searching the internet, fetching articles, and summarizing them, so the agent is expected to ingest untrusted public web content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP example runs a runtime command that fetches and executes remote code — "npx -y @modelcontextprotocol/server-github" — which would supply MCP tools that can directly influence agent prompts/tooling, so this is a high-confidence runtime external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references payment integration and payment-processing tools: Stripe is listed among "Example MCP Servers" (a direct payment gateway), and an integration test example expects a "process_payment" tool call. Those are specific, named financial APIs/functions (payment gateway and payment processing) rather than generic tooling, so the skill enables direct financial execution capability.