evolve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party content (e.g., raw SKILL.md via curl from https://raw.githubusercontent.com in 00-getting-started/_base/version-check.md) and also uses WebSearch/context7 as a required fallback in the skill-acquisition workflow to read web docs, which the agent is expected to interpret and which can change update/install and execution decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime installs/loads from GitHub (e.g., github:miles990/claude-domain-skills#finance/quant-trading) via install_skill/load_skill and the version-check uses raw GitHub URLs, so remote repo content can be fetched at runtime and injected as skill instructions that control agent behavior.