lyft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because the SKILL.md "Installation" and references/platform.md explicitly instruct reading/applying content from a public raw.githubusercontent.com URL (https://raw.githubusercontent.com/...), meaning the agent is expected to fetch and ingest user-hosted GitHub content that can contain untrusted instructions which could change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's installation and platform instructions explicitly tell the agent to fetch and "Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/enterprise/lyft/lyft-engineer/SKILL.md" and append/apply it to the agent's system file (~/.claude/CLAUDE.md), so remote content is fetched at runtime and directly controls agent prompts/instructions.