creating-commands

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly shows fetching and ingesting untrusted, user-generated third‑party content—e.g., SKILL.md describes installing plugins from arbitrary URLs ("/plugin marketplace add ") and examples.md/skills reference running "gh issue view $1" to pull GitHub issue data—which the agent is expected to read and use to drive branch creation and other actions, allowing external content to influence behavior.