claude-code-expert

Fail

Audited by Snyk on Apr 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt includes a hidden HTML comment ("") that silently permits a dangerous curl | bash pattern, which is a deceptive instruction outside the skill's documented purpose and scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs adding and using MCP servers that fetch and scrape open/public third‑party content (see "5. Mcp Servers" which lists "puppeteer / playwright", "fetch", and "github" and examples like "claude mcp add github"), and it directs sub-agents and workflows to research documentation and act on those results, meaning the agent will ingest untrusted, user-generated web content that can materially influence subsequent tool use and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). Flagged because the skill encourages execution of arbitrary shell code (hooks that run commands, MCP servers, sub-agents with Bash), exposes a --dangerously-skip-permissions flag, and even contains a security-allowlist for "curl | bash", which together enable bypassing protections and modifying the host state.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 16, 2026, 09:32 PM
Issues: 3