claude-agent-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes the agent to untrusted third‑party content: SKILL.md lists built-in tools WebSearch and WebFetch, references/custom-tools.md and typescript-patterns.md include HTTP/API tools that fetch arbitrary URLs (e.g., api_request, fetch_data) and examples using external MCP servers/Playwright to open example.com, so the agent is expected to read and act on arbitrary web content at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime mcp_server entries that run npx to fetch and execute remote npm packages (e.g., the runtime commands "npx @playwright/mcp@latest" and "npx @modelcontextprotocol/server-postgres" in the mcp_servers examples), which will download and execute remote code during skill execution and thus are a high-risk runtime dependency.