docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's helper script (~/.claude-code-docs/claude-docs-helper.sh) explicitly "checks for the latest documentation from GitHub" and reads public community-mirror and docs pages (e.g., the GitHub repo and external docs URLs) on every request, so untrusted, user-generated third-party content from GitHub is fetched and interpreted as part of the agent's workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill executes a local helper script (~/.claude-code-docs/claude-docs-helper.sh) that "checks for the latest documentation from GitHub" and auto-updates from https://github.com/ericbuess/claude-code-docs, so runtime-fetched content from that repo directly controls the agent's responses (and could alter/execute helper code).