claude-ecosystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly documents connecting to external MCP servers that perform web search and scraping (e.g., references/mcp-integration.md lists "brave-search" and "puppeteer") and also describes auto-discovering and installing third‑party plugins/skills from GitHub/npm/URLs whose SKILL.md and hook scripts are loaded/executed (references/hooks-and-plugins.md and references/agent-skills.md), so the agent will fetch and act on untrusted public content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configuration includes remote MCP servers called at runtime (e.g., "url": "https://api.example.com/mcp" in .claude/mcp.json), which the agent will connect to for tool/context and thus can supply prompts or execute code — a runtime external dependency that controls agent behavior.