claude-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows and examples (e.g., SKILL.md and the managed-agents examples like curl/managed-agents.md and the language READMEs) explicitly instruct mounting and ingesting external GitHub repositories and using WebFetch/WebSearch/WebFetchTool to pull public web content which the agent is expected to read and act on (e.g., "Summarize the repo README", mounting "https://github.com/owner/repo"), so untrusted third‑party content can materially influence tool use and agent decisions.