ccpi-marketplace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and SKILL.toon) instructs the agent to use ccpi search/install against the public "Tons of Skills" marketplace (e.g., tonsofskills.com and external GitHub/npm plugin packs), which ingests untrusted, user-published plugin content that can influence installation and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing and running the ccpi CLI (pnpm add -g @intentsolutionsio/ccpi — https://www.npmjs.com/package/@intentsolutionsio/ccpi) and adding a GitHub plugin pack (e.g., jeremylongshore/claude-code-plugins — https://github.com/jeremylongshore/claude-code-plugins-plus-skills), both of which fetch and execute remote code or content at runtime and can directly influence agent behavior, so they are runtime external dependencies that pose risk.