jenkinsfile-validator

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md "Plugin Documentation Lookup" workflow and "Automatic Actions" explicitly instruct Claude to use Context7 MCP, falling back to WebSearch/WebFetch, to retrieve public plugin documentation (e.g., plugins.jenkins.io and other web pages) and then validate plugin usage based on that content. The agent therefore fetches and interprets untrusted third-party web content as part of its decision-making.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 01:46 AM