proxychains

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md automation rules explicitly instruct Claude to automatically fetch and retry network operations (e.g., proxychains4 git clone / curl / pip install / wget) against public, user-controlled domains such as github.com, raw.githubusercontent.com, pypi.org and npmjs.org, so the agent will fetch and act on untrusted third‑party content that could influence subsequent tool use.