manage

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly lets scheduled tasks grant the Claude agent web-browsing/fetch tools (e.g., "WebSearch", "WebFetch", "Bash(curl )") via the required permission-selection workflow (see SKILL.md Step 6: Permissions) and the presets in permission_presets.py. The generated wrappers (references/wrapper-template.sh/.ps1) pass those --allowedTools/permission-mode flags to the claude CLI, so the agent can fetch and read arbitrary public web content that could contain instructions influencing subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill creates and edits scheduled tasks and wrapper files on the host and explicitly exposes a "Bypass" option (--dangerously-skip-permissions / --permission-mode bypassPermissions) that directs the agent to skip permission checks, which can be used to bypass security controls and modify machine state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 03:57 AM