skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The /skill setup workflow (Step 3, Option 4 "Import skill") explicitly lets the agent download a skill from a provided URL (e.g., GitHub gist) or accept pasted skill markdown and then save/apply it locally — allowing untrusted, user-generated web content to supply skills that Claude may automatically apply and thus alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The "/skill setup" Import Skill option downloads skill Markdown from a user-provided URL at runtime (e.g., a GitHub Gist / raw.githubusercontent.com link) and saves it as a local skill whose frontmatter/content directly control agent behavior, so this is a runtime external dependency that can control prompts.