claude-config-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and reads public third-party content (see "2.2. Fetch from GitHub" which uses gh api to download the anthropics/claude-code CHANGELOG) and also includes "13. site2skill Usage" for converting arbitrary documentation URLs into skills, and that fetched user-generated/public content is parsed and used to determine features, breaking changes, and configuration actions—meeting all criteria for indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a runtime fetch of the repository changelog via the GitHub API (gh api repos/anthropics/claude-code/contents/CHANGELOG.md — https://github.com/anthropics/claude-code / https://api.github.com/repos/anthropics/claude-code/contents/CHANGELOG.md) and injects that remote content into the agent's analysis, so the fetched data directly controls prompts and is a required dependency for CHANGELOG operations.