claude-code-sdk

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly includes a WEB_FETCH tool ("WEB_FETCH 網頁抓取") and the AgentConfig.research profile enables 'WebFetch', which allows the agent to fetch and read arbitrary public web pages (untrusted third-party content) as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill explicitly enables file and shell tools (Read/Write/Edit/Bash), includes Dockerfile steps that run apt-get/npm, mounts the host ~/.claude directory into the container (exposing credentials), and shows monkeypatching of internals. It therefore facilitates modifying the machine's state, even though it does not instruct obtaining sudo, creating users, or editing system services.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:51 AM