claude-agent-sdk-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using MCP servers and external tools (see SKILL.md Step 6 and references/mcp-integration.md) and shows examples with search/read tools (references/agentic-loop.md) that ingest content from external sources like GitHub, Slack, and web pages, so the agent will read untrusted third‑party content that can influence its tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill shows runtime npx invocations that fetch and execute MCP server packages (e.g., "npx -y @modelcontextprotocol/server-github", "npx -y @modelcontextprotocol/server-filesystem", and "npx -y @anthropic/mcp-server-slack"), which will download and run remote code and expose tools/prompts that can directly influence the agent at runtime.