rust-api-guidelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's sync.sh (documented in README.md under "Syncing with upstream") explicitly clones the public repo https://github.com/rust-lang/api-guidelines and then invokes the agent (claude) to read those fetched reference markdown files and regenerate SKILL.md, so untrusted third‑party GitHub content is fetched and directly read/interpreted to determine the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included sync.sh script performs a runtime git clone of https://github.com/rust-lang/api-guidelines.git and then instructs the local Claude process to read those fetched markdown files to regenerate SKILL.md, meaning remote content (from that URL) is fetched at runtime and directly controls the agent's prompt/context.