skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports "Import skill" in /skill setup which can "Download skill from a URL (e.g., GitHub gist)" and then validates/parses and saves that markdown frontmatter as a local skill that Claude may automatically apply—meaning arbitrary public URLs/user-generated content can be ingested and can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's interactive "Import skill" option explicitly downloads a skill from a user-provided URL at runtime (e.g., raw GitHub Gist URLs such as https://gist.githubusercontent.com/.../raw/...), and that fetched markdown becomes a local skill which directly controls agent prompts/instructions, so it is a runtime external dependency that can execute control over the agent.