writing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime documentation (references/anthropic-best-practices.md — "Package dependencies" and "Runtime environment" sections) explicitly states the agent can install packages from npm/PyPI and pull from GitHub repositories, which are open/public, user-generated sources the agent may fetch and execute/read as part of its workflow, allowing third-party content to materially influence tool execution and decisions.