claude-skills-troubleshooting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's activation flow and architecture explicitly load plugin metadata and SKILL.md files from marketplace repositories (e.g., GitHub repos referenced in ~/.claude/plugins/known_marketplaces.json and the ~/.claude/plugins/marketplaces/ and cache/ directories) into the model's system prompt/context, meaning untrusted, user-supplied third‑party content is ingested and interpreted at runtime.