claude-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Managed Agents flows and examples (curl/managed-agents.md, go/managed-agents/README.md, and various managed-agents sections) explicitly show mounting and reading arbitrary third-party GitHub repositories and attaching external MCP server URLs, and the skill also directs the agent to WebFetch live SDK/docs from shared/live-sources.md — all of which cause the agent to fetch and interpret untrusted public content that can influence tool execution and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Managed Agents flows explicitly accept runtime URLs that are fetched and mounted or contacted (e.g., a GitHub repo URL like "https://github.com/owner/repo" and MCP server URL like "https://my-mcp-server.example.com/sse"), which will provide remote code/tools that the agent can execute or that directly influence its prompts and behavior.