claude-code-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs interactive browsing and installation of community-contributed components from the public marketplace (aitmpl.com) and linked GitHub/npm repositories via commands like "npx claude-code-templates@latest" and lists community attributions, meaning it fetches and ingests untrusted third-party content that can install or alter agents/commands/hooks and thus materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README/skill instructs running "npx claude-code-templates@latest", which causes npx to fetch and execute remote package code from the npm registry (see https://www.npmjs.com/package/claude-code-templates), and that package supplies agent templates/prompts and therefore represents a runtime external dependency that can execute code and directly control agent instructions.