gws-korean-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 5 workflow explicitly installs a Claude Code skill from a public GitHub URL ("npx skills add https://github.com/googleworkspace/cli"), which fetches and installs untrusted third‑party code that the agent (Claude Code) will load and use as runtime commands, allowing that external content to influence tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). It explicitly advises using sudo for a global npm install ("sudo npm install -g ..."), which requests elevated privileges that modify system-wide state, so it should be flagged though most other steps are user-level operations.