doctor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches content from public third-party sources — it runs npm view against the public npm registry and (in auto-fix) uses WebFetch to pull raw Markdown from raw.githubusercontent.com — and the agent is expected to read/interpret and write that fetched CLAUDE.md, which could contain untrusted instructions enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Auto-Fix step issues a runtime WebFetch to https://raw.githubusercontent.com/Yeachan-Heo/oh-my-claudecode/main/docs/CLAUDE.md which is fetched and written into ~/.claude/CLAUDE.md, meaning remote content would directly control agent configuration/prompts.