configure-ecc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones a public GitHub repository in Step 0 (git clone https://github.com/affaan-m/everything-claude-code.git) and then reads, interprets, and edits the SKILL.md and rule .md files from that repo as part of installation and optimization, so untrusted third‑party content can influence installation decisions and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "git clone https://github.com/affaan-m/everything-claude-code.git" at runtime to fetch SKILL.md files and accompanying scripts which are then copied/read/used to control agent prompts and behaviors (and may include executable hooks), so the remote repo directly controls instructions and is a required runtime dependency.