develop-agent-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI (scripts/skillutil.ts) explicitly fetches and installs content from public sites—e.g., downloading GitHub archives in forkSkill/addSkill (github.com / codeload.github.com) and pulling docs via refresh-docs from code.claude.com—which ingests untrusted, user-provided SKILL.md and documentation that Claude can load and act on, so third-party content can materially influence agent decisions.