meta-tags-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly states it "Reads" external files such as CLAUDE.md and the shared State Model from public GitHub URLs (e.g., github.com/aaron-he-zhu/…/CLAUDE.md), meaning the agent fetches and interprets open/public third‑party content that could alter its decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly states it "Reads" external docs at runtime (e.g., https://github.com/aaron-he-zhu/seo-geo-claude-skills/blob/main/CLAUDE.md), meaning fetched repository content is used to control guidance/prompts the agent follows, creating a high-confidence runtime dependency on external instructions.