claude-code-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents fetching and ingesting third-party web content — e.g., references/mcp.md (adding HTTP MCP servers and "MCP Resources" that fetch @server:... resources), references/hooks.md and SKILL.md (PreToolUse tool inputs include WebFetch/WebSearch and MCP tools), and best-practices.md ("Give URLs for documentation") — meaning the agent is expected to read untrusted public URLs/MCP-provided data as part of workflows and that fetched content can modify tool inputs/decisions, creating a clear vector for indirect prompt injection.