agent-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to fetch live documentation from public third‑party URLs (see "Documentation Sources" listing https://github.com/anthropics/claude-agent-sdk-python and https://code.claude.com/docs/en/headless and the "When to Fetch Docs" / "Use WebFetch tool" instructions), so the agent will ingest untrusted web content that can influence its tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs users to run the install command curl -fsSL https://claude.ai/install.sh | bash to install the Claude Code CLI, which fetches and executes remote code and is treated as a required dependency for the skill.