dev-context-engineering
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to perform web search/web fetch and "Use web search/web fetch to verify current external facts" (see "Web Verification" and "Fact-Checking" sections and the referenced data/sources.json), which means the agent will ingest and act on untrusted public third-party content found on the open web.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The included CI workflow (template-sync.yml) runs at runtime and does "git clone --depth 1 https://github.com/org/template-repo /tmp/template" to fetch `.claude/rules/*`, which are then copied into repos; these rule files are loaded into agent sessions and directly control agent prompts/instructions, so the remote URL https://github.com/org/template-repo is a runtime dependency that can control agent behavior.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).