skill-neovim-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Stage 5 explicitly requires the spawned subagent to "Search web for plugin documentation" and "analyze findings and synthesize recommendations," meaning it fetches and interprets public third-party content (web/plugin docs) that can materially influence actions and decisions.