part1-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to connect to and read user-generated content from third-party services—e.g., Slack via references/block6-connector-slack.md (mcp__claude_ai_Slack__slack_read_channel) and multi-source collection in references/block10-finalize.md and templates/context-sync.md (Notion, Linear, Google/Gmail)—so the agent will fetch and interpret untrusted, user-provided content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs the user at runtime to add external MCP servers and to fetch-and-execute remote packages (e.g., registering HTTP MCP endpoints like https://mcp.notion.com/mcp and https://mcp.sentry.dev/mcp via claude mcp add and running installers such as npx -y @upstash/context7-mcp@latest and npx -y @anthropic-ai/mcp-fetch@latest), which will execute remote code and/or register external servers that can supply tools/prompts to the agent.