prompt-optimization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch and read external public documentation and examples (e.g., "Fetch these before every refactor" with mcp__Ref__ref_read_url entries in references/subagent-refactoring-methodology.md and the WebFetch/Exa/Ref guidance in references/accessing_online_resources.md, plus public-sourced example content in references/example-claude-md-boris-cherny.md), meaning the agent will ingest untrusted third-party web/social content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The subagent-refactoring methodology explicitly requires fetching Anthropic docs at runtime ("Fetch these before every refactor") via mcp__Ref__ref_read_url entries (e.g., https://docs.claude.com/en/docs/build-with-claude/prompt-engineering/use-xml-tags and https://docs.claude.com/en/docs/build-with-claude/prompt-engineering/claude-4-best-practices), so these external URLs are required runtime dependencies whose fetched content directly controls agent prompts/instructions.