creating-a-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs the agent to install and load plugins from external sources (e.g., "Source formats" showing GitHub repos and git URLs, and commands like /plugin marketplace add and /plugin install), which causes the agent to fetch and auto-discover/read third-party plugin files (commands/agents/skills) from untrusted public repositories and URLs.