prepare-wordpress

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 2 ("Install agent skills") runs npx skills add against public GitHub repos (e.g., https://github.com/automattic/agent-skills and https://github.com/jeffallan/claude-skills), fetching third‑party SKILL.md and code that the agent will install and may load/execute, thereby exposing it to untrusted external content that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The plan includes runtime npx commands that fetch and install agent skills from GitHub (e.g., https://github.com/automattic/agent-skills and https://github.com/jeffallan/claude-skills), which will download remote skill content that can contain prompts/instructions and executable code and are expected by the setup/verification steps, so this is a high-risk runtime external dependency.