claude-plugin-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs loading external marketplaces and plugins from untrusted sources (e.g., "claude plugin marketplace add" / marketplace.json entries and plugin "source" fields that support GitHub, git URLs, remote URLs and npm) and describes that Claude will load and execute plugin components (skills SKILL.md, agents, hooks/hooks.json, .mcp.json) which can change system prompts, run commands, start servers, or be auto-invoked—so third‑party content fetched from those URLs can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The documentation explicitly instructs fetching the remote documentation index at runtime (https://code.claude.com/docs/llms.txt), and the marketplace/plugin installation flow described allows remotely fetched marketplace.json or git repos to define skills, hooks, MCP servers or scripts that can inject prompts or execute code, so this is a runtime external dependency with potential to control agent instructions or run code.