skill-compass

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and evaluates arbitrary installed SKILL.md files from user skill roots (e.g., .claude/skills, ~/.claude/skills, extraDirs) as part of /setup, /eval-audit, and /eval-skill flows and then uses that content to drive decisions and generate/write improvements (see Step 3 of /setup.md and Phase 1 of /eval-improve.md), so untrusted third-party skill content can influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The eval-evolve command can install and invoke an external plugin at runtime—explicitly calling "claude plugin install ralph-wiggum@claude-code-plugins" and then running "/ralph-loop"—which fetches third‑party code and runs an autonomous prompt loop that issues commands, so this external plugin dependency is used at runtime and can directly control prompts/execution.