writing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly states in anthropic-best-practices.md (the "打包依赖" and "运行时环境" sections) that the agent/runtime can install packages from npm and PyPI and pull code from GitHub, meaning the agent may fetch and execute untrusted, public third‑party code which could materially influence its actions.