registry-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads SKILL.md files and directory listings from watched registries (e.g., GitHub repos listed in references/registries.yaml and the watched-registries file at ~/.claude/.../CLAUDE.md) and presents/searches their name/description as part of its workflow, which exposes it to untrusted, user-generated third-party content that could contain instructions influencing decisions to view or install skills.