plugin-forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's marketplace schema and workflows explicitly allow GitHub and generic URL sources (see references/marketplace-schema.md and the README/workflows sections with "/plugin marketplace add owner/repo" and "/plugin install"), which means the system can fetch and load arbitrary third-party plugin files (commands, SKILL.md, etc.) — untrusted user-generated content the agent is expected to read and execute, creating a pathway for indirect prompt injection.