learn-claude-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third-party content (e.g., cloning https://github.com/YazhuEth/cc-learn-playground in the Setup section, installing community skills via npx skills add, and using WebSearch and /plugin/MCP plugin installs described in Module 5) and instructs the agent to read and act on that external content as part of planning and executing tasks, so untrusted web content can materially influence tool use and decisions.