code-env-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes a public GitHub raw file (https://raw.githubusercontent.com/joaquimscosta/arkhe-claude-plugins/main/docs/CLAUDE_CODE_GUIDE.md) as part of its required workflow (see SKILL.md Phase 1 step 2 and "Guide Reference"), and it cross-references that guide to decide configuration actions (which servers to install, files/hooks to write), so untrusted third-party content can materially influence tool use and next actions.