claude-blog-sources
Warn
Audited by Snyk on Apr 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's Research Workflow and Monthly Article Review Process explicitly instruct the agent to WebFetch blog pages (e.g., "WebFetch: https://www.claude.com/blog/{article-slug}" and "Fetch Blog Index: https://www.claude.com/blog/") and to extract guidance that can change CLAUDE.md, create skills, or alter behavior, meaning it ingests public third‑party web content that can materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs WebFetch at runtime against the Claude blog (e.g., https://www.claude.com/blog/ and https://www.claude.com/blog/{article-slug}) and then injects the fetched article content into prompts for extracting guidance, so external content directly controls agent behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata