plugin-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The plugin-builder reads and packages skills and marketplace entries from arbitrary public sources (e.g., GitHub repos / git URLs and user-provided source directories) and scans SKILL.md/frontmatter and manifests, so it ingests and interprets untrusted third-party content from those repositories.