workflow-composer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly references a "Workflow Library" and "community workflows" and shows commands like claude workflow install / claude workflow browse (Workflow Library section), meaning the skill can download and parse user-contributed workflow YAML from the community/marketplace—which may contain untrusted instructions (bash steps, skill calls) that the agent will execute or use to drive actions.