skill-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly collects and ingests user-generated session transcripts (e.g., ~/.claude/projects/*.jsonl via collect_transcripts.py) and SKILL.md files from public/user skill directories (e.g., /mnt/skills/public, ~/.claude/skills via collect_skills.py), and it spawns LLM sub-agents that are instructed to read and act on those files to produce audit results and proposed patches that can be applied to skill descriptions — meaning untrusted third‑party content could carry instructions that materially influence analysis and proposed changes.