create-cowork-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs creating and using external MCP servers (.mcp.json) and agent components that "Read all ticket descriptions" (agents/ticket-analyzer in references/example-plugins.md and the Phase 3 MCP Servers steps), which means the agent will ingest user-generated content from third-party services (e.g., issue trackers, chat, HTTP/SSE endpoints) as part of its workflow.