developing-claude-code-plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill instructs installing and loading plugins from external public sources (e.g., "Direct GitHub distribution" and marketplace entries with "https://github.com/..." or user-added marketplaces), and those plugins' SKILL.md and reference files are loaded into the agent's context—meaning the agent will fetch and read untrusted, user-provided web content.