cc-plugin-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly instruct fetching and installing plugins from public URLs (see SKILL.md "Installation Methods" e.g. "claude marketplace install https://github.com/user/plugin-repo.git") and its configuration/loader code (settings.json permissions, plugin-loader import in references/scripts) show the system will load and interpret third‑party plugin content, so untrusted user-generated repo content can materially influence agent behavior.