omc-doctor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Auto-Fix explicitly fetches raw markdown from a public GitHub URL ("WebFetch(url: "https://raw.githubusercontent.com/Yeachan-Heo/oh-my-claudecode/main/docs/CLAUDE.md\", prompt: ...") and writes it into the user's CLAUDE.md, meaning untrusted third‑party content from the open web would be ingested and could change local config and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Auto-Fix step contains a runtime WebFetch of https://raw.githubusercontent.com/Yeachan-Heo/oh-my-claudecode/main/docs/CLAUDE.md which would fetch remote markdown that can become the agent's CLAUDE.md (directly controlling prompts/instructions) and is therefore a risky external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to modify and delete user configuration files and directories (rm, edit settings.json, overwrite CLAUDE.md, clear caches) and to fetch and write remote content, which directly changes the host machine's state and can delete user data—so it should be flagged.