claude-code-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs automated "GitHub Discovery" ("Searches GitHub for community resources (always enabled)") and fetches public documentation URLs (e.g., GitHub links and external docs.claude.com / anthropic.com pages), which are untrusted, user-generated third-party sources that the agent is expected to read and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to "fetch latest docs" (e.g. web_fetch: https://docs.claude.com/en/docs/claude-code/settings and https://www.anthropic.com/engineering/claude-code-best-practices) and uses that fetched content to generate/update agent/command configuration and prompts, meaning those external URLs are fetched at runtime and directly influence agent instructions.