everything-claude-code-agent-harness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes a "Search-First Development" workflow and includes a server handler example that calls performSearch/sanitized queries (and references public sites like GitHub, discussions, and social links), which shows the agent will fetch and ingest open web / user-generated content that can directly influence its decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation instructs fetching and executing remote code via "git clone https://github.com/affaan-m/everything-claude-code.git" followed by npm install / npm run install, which pulls in repository code (skills, hooks, agents) that directly control agent prompts and can execute code during runtime.