claude-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's server templates (e.g., templates/cloudflare-worker.ts and templates/nextjs-api-route.ts) accept arbitrary "messages" from incoming requests and forward them to the Claude API (and the tool-use patterns/templates show the model-triggered tool execution loop), which clearly ingests untrusted user/third‑party content that can influence tool execution and next actions.