claude-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill configures external plugin/marketplace sources (e.g., .claude/settings.json's "extraKnownMarketplaces" with "source":"github" and git URLs, plus npx/npm package examples) which cause Claude to auto-install and load code from third‑party GitHub/git/npm sources, exposing the agent to untrusted user‑generated content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flagged the git URLs (e.g. https://git.company.com/project-plugins.git and https://git.company.com/project/plugins.git) because the skill’s runtime behavior (auto-installing marketplaces/plugins when a trusted project is opened) will fetch code from those URLs and install/enable plugins that can execute remote code or alter agent behavior.