ai-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Steps 2–4 and the tool registry delegation chains in references/tool-registry.md) explicitly directs the agent to fetch and read public web content (e.g., "WebFetch https://code.claude.com/docs/en/claude_code_docs_map.md", mcp__perplexity__search, and WebSearch) to obtain update/install commands which the agent may then execute, exposing it to untrusted third‑party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs a runtime WebFetch of https://code.claude.com/docs/en/claude_code_docs_map.md and then to fetch and return update/install commands from those pages, meaning remote content would directly control agent instructions and potentially executed update commands.