meta-hook-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's documentation explicitly lists WebFetch/WebSearch as tools in references/event-types.md and describes PreToolUse/PostToolUse hooks receiving tool_input/tool_response and allowing hooks (command/prompt/agent) to modify inputs, auto-approve/deny, or inject additionalContext (see SKILL.md and references/hook-configuration.md), meaning untrusted web pages or search results fetched via WebFetch can be ingested and materially influence agent decisions and tool use.