benchmark-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly fetches and installs a plugin from a public GitHub URL ("npx add-plugin https://github.com/vercel/vercel-plugin" in Step 2) and then instructs the agent to load that .claude/settings.json plugin (Step 3), meaning the agent will ingest and act on untrusted third‑party code/content that can change its tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs npx add-plugin https://github.com/vercel/vercel-plugin during setup and then loads the resulting .claude/settings.json at runtime, so the GitHub URL (https://github.com/vercel/vercel-plugin) fetches and installs remote code that directly controls injected prompts/skills.