Creating and Managing Plugin Marketplaces
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Plugin Sources and Distribution sections explicitly allow adding and cloning public git repositories (e.g., "github:username/repo", "https://github.com/... .git") and instruct users to run "/plugin marketplace add " so the agent will fetch and load third-party (potentially user-generated) repository content that could contain instructions influencing its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and loading plugins at runtime from git URLs (e.g., https://github.com/username/repo.git and the shorthand github:username/repo), which will be cloned/loaded by Claude Code and can contain plugin code/agents that control prompts or execute remote code.