jupyter-notebook-best-practices
Fail
Audited by Snyk on Apr 22, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The "Memory Protocol" mandates reading a local internal file (cat .claude/context/memory/learnings.md) and instructs persistence/assumptions about context resets, which are explicit, out-of-scope directives to access/alter agent memory and behavior unrelated to Jupyter notebook best practices, so this is a prompt injection.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's references/research-requirements.md explicitly instructs using WebFetch and arXiv to obtain "current best practices," meaning the agent is expected to fetch and ingest open/public third-party web content (arXiv/pages) that can influence rules and subsequent actions.
Issues (2)
- CRITICAL E004: Prompt injection detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).