claude-skill-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's best-practices.md explicitly instructs the agent to browse and fetch files from arbitrary GitHub repositories (e.g., using gh api "repos/OWNER/REPO/git/trees/main?recursive=1" and fetching contents), so the agent would ingest untrusted, user-generated third‑party content that could influence its actions.