content-workflow

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is an untrusted personal GitHub repository (thatrebeccarae/claude-marketing) — while GitHub is a reputable host and the URL isn't a direct .exe download, cloning and copying its contents into a local agent/skills directory could introduce arbitrary scripts or malicious code, so it's potentially risky without verifying the repo contents and author.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Stage 1: Research" explicitly requires the agent to perform web searches and ingest RSS feeds / industry sources (public third‑party content) to produce a research brief that guides drafting and distribution, meaning untrusted external content is read and can materially influence subsequent actions.