nvim-plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to use web access/WebFetch and a plugin-advisor agent to check public third-party sources (e.g., GitHub stars/activity and releases, the awesome-neovim repository, and Reddit r/neovim), so it fetches and interprets untrusted user-generated web content as part of its recommendation decisions.