claude-code-methodology

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly describes ingesting and executing external, user-provided content that can influence behavior—e.g., references/07-extensibility.md states "Skills are markdown files that get injected into the system prompt" and references/02-system-prompt.md notes dynamic "MCP instructions" from connected MCP servers (and hooks that run external commands), which are untrusted third-party inputs that the agent is expected to read and which can materially change tool use and decisions.