omc-doctor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Auto-Fix workflow explicitly calls WebFetch to retrieve the raw CLAUDE.md from a public GitHub URL (https://raw.githubusercontent.com/Yeachan-Heo/oh-my-claudecode/main/docs/CLAUDE.md), so it ingests untrusted third‑party content that can be written into config and thereby alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Auto-Fix step issues a WebFetch to https://raw.githubusercontent.com/Yeachan-Heo/oh-my-claudecode/main/docs/CLAUDE.md at runtime to retrieve raw markdown that would be written into ~/.claude/CLAUDE.md (which can contain OMC markers and effectively inject prompts/instructions), so this is a runtime external dependency that directly controls agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill instructs the agent to modify and delete user configuration files and directories (rm, edit settings.json, write CLAUDE.md fetched from the web), which changes the machine state and could delete user data, but it does not request sudo, modify system-level files, or create accounts, so the risk is moderate rather than high.