federation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's RegistryClient explicitly "fetches plugin indexes from multiple sources" including remote HTTP(S) URLs and the workflow shows adding public registries (e.g., https://marketplace.claude.dev/registry.json and https://plugins.team.dev/index.json), and those fetched registry/index and manifest contents are read and used by the resolver and policy engine to decide which plugins to install—so untrusted third‑party registry content can materially influence actions.