settings-management

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly mandates fetching and validating documentation from external MCP/search services (see references/audit-framework.md, "Technologies Requiring MCP Validation", which requires querying microsoft-learn, perplexity, context7/MCP servers). The schema/skill also allows configuring external marketplaces via URL/GitHub/git/npm (references/claude-code-settings.schema.json, extraKnownMarketplaces). The agent is therefore expected to ingest untrusted third-party web content that can influence audits and tool behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 03:34 AM